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[Name of the Invention] 



Specification 



[Title of the Invention] 



Peripheral Equipment, 



Information Processing 



Apparatus, Peripheral 



Equipment Control System, 



Management Method, 



Management Software, And 



Storage Medium 



[What Is Claimed Is] 
[Claim 1] 

Peripheral equipment managed by a directory 
server connected through a network, for managing a job 
sent from an external device in accordance with a job 
management command received, comprising: 

first decrypting means for decrypting an access 
ticket included in said job; 

second decrypting means for decrypting an access 
ticket included in the job management command; and 

managing means for managing said job in 

accordance with the decrypted contents of the access 

ticket included in said job and the access ticket 

included in said job management command. 
[Claim 2] 

Peripheral equipment managed by a directory 
server connected through a network, for managing a job 
sent from an external device in accordance with a job 
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management command received, comprising: 

first decrypting means for decrypting an access 
ticket included in said job; 

second decrypting means for decrypting an access 
ticket included in the job management command; 

storing means for storing said decrypted access 
ticket included in the job management command; 

issuing means for issuing a session key for said 
stored access ticket; 

obtaining means for obtaining said stored access 
ticket in accordance with said session key included in 
said job management command; and 

managing means for managing said job in 
accordance with the decrypted contents of the access 
ticket included in said job and said obtained access 
ticket. 

[Claim 3] 

The peripheral equipment according to claim 1 or 
2, further comprising: 

comparing means for comparing user ID 
information in the access ticket included in said job 
with user ID information in the access ticket included 
in said job management command; and 

instructed operation executing means for 
performing an operation instructed by said job 
management command when the user ID information is 
identical in both access tickets. 
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[Claim 4] 

The peripheral equipment according to claim 3, 
wherein said job management command is a command for 
canceling the instructed job. 

[Claim 5] 

The peripheral equipment according to claim 1 or 
2, comprising: 

comparing means for comparing user ID 
information in the access ticket included in said job 
with user ID information in the access ticket included 
in said job management command; and 

reply means for replying all information related 
to said job when the user ID information is identical 
in both access tickets, and for replying only a part of 
the information related to said job when the user ID 
information is not identical in the access tickets, 

wherein said job management command is a command 
for obtaining job information in said peripheral 
equipment . 

[Claim 6] 

The peripheral equipment according to any one of 
claims 1 to 5, wherein said job and said job management 
command are received through a console attached to said 
peripheral equipment or the network. 

[Claim 7] 

Peripheral equipment managed by a directory 
server connected through a network, for managing 
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equipment sent in accordance with an equipment 
management command received, comprising: 

decrypting means for decrypting an access ticket 
included in said job; and 

managing means for managing said equipment in 

accordance with the decrypted contents of the access 

ticket included in said equipment management command. 
[Claim 8] 

Peripheral equipment managed by a directory 
server connected through a network, for managing 
equipment sent in accordance with an equipment 
management command received, comprising: 

decrypting means for decrypting an access ticket 
included in said equipment management command; 

storing means for storing said decrypted access 
ticket included in the equipment management command; 

issuing means for issuing a session key for said 
stored access ticket; 

obtaining means for obtaining said stored access 
ticket in accordance with said session key included in 
said equipment management command; and 

managing means for managing said equipment in 
accordance with the decrypted contents of said obtained 
access ticket. 

[Claim 9] 

An information processing apparatus connected to 
peripheral equipment and a directory server through a 
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network, for causing said peripheral equipment to 
perform job management, comprising: 

issuance requesting means for requesting an 
issue of an access ticket to said directory server; 

command generating means for generating a job 
management command including said generated access 
ticket; and 

command issuing means for issuing said generated 
job management command to said peripheral equipment. 
[Claim 10] 

An information processing apparatus connected to 
peripheral equipment and a directory server through a 
network, for causing said peripheral equipment to 
perform job management, comprising: 

issuance requesting means for requesting an 
issue of an access ticket to said directory servers- 
first command issuing means for setting said 
issued access ticket and generating a management 
command for obtaining a session key to issue the 
command to said peripheral equipment; and 

second command issuing means for generating a 
job management command including said obtained session 
key to issue said command to said peripheral equipment. 
[Claim 11] 

The information processing apparatus according 
to claim 9 or 10, wherein said job management command 
is a command for canceling the instructed job. 
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[Claim 12] 

The information processing apparatus according 
to claim 9 or 10, wherein said job management command 
is a command for obtaining job information in said 
peripheral equipment . 

[Claim 13] 

An information processing apparatus connected to 
peripheral equipment and a directory server through a 
network, for causing said peripheral equipment to 
perform equipment management, comprising: 

issuance requesting means for requesting an 
issue of an access ticket to said directory, server; 

command generating means for generating a 
equipment management command including said issued 
access ticket; and 

command issuing means for issuing said generated 
equipment management command to said peripheral 
equipment . 

[Claim 14] 

An information processing apparatus connected to 
peripheral equipment and a directory server through a 
network, for causing said peripheral equipment to 
perform equipment management, comprising: 

issuance requesting means for requesting an 
issue of an access ticket to said directory server; 

first command issuing means for setting said 
issued access ticket and generating a management 
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command for obtaining a session key to issue the 
command to said peripheral equipment; and 

second command issuing means for generating an 
equipment management command including said obtained 
session key to issue said command to said peripheral 
equipment . 

[Claim 15] 

A peripheral equipment control system connected 
to an information processing apparatus, directory 
server and peripheral equipment through a network, said 
peripheral equipment adapted to manage a job sent from 
said information processing apparatus through said 
network, wherein: 

said information processing apparatus comprises: 

issuance requesting means for requesting an 
issue of an access ticket to said directory server; 

command generating means for generating a job 
management command including said issued access ticket; 
and 

command issuing means for issuing said generated 
job management command to said peripheral equipment, 
and 

said peripheral equipment comprises: 

first decrypting means for decrypting an access 

ticket included in said job; 

second decrypting means for decrypting an access 

ticket included in the job management command; and 
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managing means for managing said job in 
accordance with the decrypted contents of the access 
ticket included in said job and the access ticket 
included in said job management command. 
[Claim 16] 

A peripheral equipment control system connected 
to an information processing apparatus, directory 
server and peripheral equipment through a network, said 
peripheral equipment adapted to manage a job sent from 
said information processing apparatus through said 
network, wherein: 

said information apparatus comprises: 

issuance requesting means for requesting an 
issue of an access ticket to said directory server; 

first command issuing means for setting said 
issued access ticket and generating a management 
command for obtaining a session key to issue the 
command to said peripheral equipment; and 

second command issuing means for generating a 
job management command including said obtained session 
key to issue said command to said peripheral equipment, 
and 

said peripheral equipment comprises: 

first decrypting means for decrypting an access 

ticket included in said job; 

second decrypting means for decrypting an access 

ticket included in the job management command; 
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storing means for storing said decrypted access 
ticket included in the job management command; 

issuing means for issuing a session key for said 
stored access ticket; 

obtaining means for obtained said stored access 
ticket in accordance with said session key included in 
said job management command; and 

managing means for managing said job in 
accordance with the decrypted contents of the access 
ticket included in said job and said obtained access 
ticket . 

[Claim 17] 

A management method of peripheral equipment for 
managing a job sent from an external device in 
accordance with a received job management command, 
comprising : 

a step of decrypting an access ticket included 
in said job; 

a step of decrypting an access ticket included 
in the job management command; and 

a step of managing said job in accordance with 

the decrypted contents of the access ticket included in 

said job and the access ticket included in said job 

management command . 

[Claim 18] 

A management method of peripheral equipment for 
managing a job sent from an external device in 
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accordance with a received job management command, 
comprising : 

a step of decrypting an access ticket included 
in said job; 

a step of decrypting an access ticket included 
in the job management command; 

a step of storing said decrypted access ticket 
included in the job management command; 

a step of issuing a session key for said stored 
access ticket; 

a step of obtaining said stored access ticket in 
accordance with said session key included in said job 
management command; and 

a step of managing said job in accordance with 
the decrypted contents of the access ticket included in 
said job and said obtained access ticket. 

[Claim 19] 

A management method of peripheral equipment for 
performing equipment management in accordance with a 
received equipment management command, comprising: 

a step of decrypting an access ticket included 
in said equipment management command; and 

a step of managing said equipment in accordance 

with the decrypted contents of the access ticket 

included in said equipment management command. 
[Claim 20] 

A management method of peripheral equipment for 
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performing equipment management in accordance with a 
received equipment management command, comprising: 

a step of decrypting an access ticket included 
in said equipment management command; 

a step of storing said decrypted access ticket 
included in the equipment management command; 

a step of issuing a session key for said stored 
access ticket; 

a step of obtaining said stored access ticket in 
accordance with said session key included in said 
equipment management command; and 

a step of managing said equipment in accordance 
with the decrypted contents of said obtained access 
ticket . 

[Claim 21] 

A management method of an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network for causing said 
peripheral equipment to execute job management, 
comprising : 

a step of requesting an issue of an access 

ticket to said directory server; 

a step of generating a job management command 

including said issued access ticket; and 

a step of issuing said generated job management 
command to said peripheral equipment. 

[Claim 22] 
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A management method of an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network for causing said 
peripheral equipment to execute job management, 
comprising: 

a step of requesting an issue of an access 
ticket to said directory server; 

a step of setting said issued access ticket and 
generating a management command for obtaining a session 
key to issue the command to said peripheral equipment; 
and 

a step of generating a job management command 
including said obtained session key to issue said 
command to said peripheral equipment. 

[Claim 23] 

The management method according to claim 17, 18, 
21 or 22, wherein said job management command is a 
command for canceling the instructed job. 

[Claim 24] 

The management method according to claim 17, 18, 

21 or 22, wherein said job management command is a 

command for obtaining job information in said 

peripheral equipment . 
[Claim 25] 

A management method of an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network for causing said 
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peripheral equipment to execute equipment management, 

comprising : 

a step of requesting an issue of an access 

ticket to said directory server; 

a step of generating an equipment management 

command including said issued access ticket; and 

a step of issuing said generated equipment 

management command to said peripheral equipment. 
[Claim 26] 

A management method of an information processing 
apparatus connected to peripheral equipment and a 
directory server through a communication line for 
causing said peripheral equipment to execute equipment 
management, comprising : 

a step of requesting an issue of an access 
ticket to said directory server; 

a step of setting said issued access ticket and 
generating a management command for obtaining a session 
key to issue the command to said peripheral equipment; 
and 

a step of generating an equipment management 
command including said obtained session key to issue 
said command to said peripheral equipment. 
[Claim 27] 

A management software including a program to be 
executed by a computer in peripheral equipment for 
managing a job sent from an external device in 
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accordance with a received job management command, 
wherein said program includes: 

a procedure for decrypting an access ticket 
included in said job; 

a procedure for decrypting an access ticket 
included in the job management command; and 

a procedure for managing said job in accordance 

with the decrypted contents of the access ticket 

included in said job and the access ticket included in 

said job management command. 
[Claim 28] 

A management software including a program to be 
executed by a computer in peripheral equipment for 
managing a job sent from an external device in 
accordance with a received job management command, 
wherein said program includes: 

a procedure for decrypting an access ticket 
included in said job; 

a procedure for decrypting an access ticket 
included in the job management command; 

a procedure for storing said decrypted access 
ticket included in the job management command; 

a procedure for issuing a session key for said 
stored access ticket; 

a procedure for obtaining said stored access 
ticket in accordance with said session key included in 
said job management command; and 
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a procedure for managing said job in accordance 
with the decrypted contents of the access ticket 
included in said job and said obtained access ticket. 

[Claim 29] 

A management software including a program to be 
executed by a computer of peripheral equipment for 
performing equipment management in accordance with a 
received equipment management command, wherein said 
program includes: 

a procedure for decrypting an access ticket 
included in said equipment management command; and 

a procedure for managing said equipment in 

accordance with the decrypted contents of the access 

ticket included in said equipment management command. 
[Claim 30] 

A management software including a program to be 
executed by a computer of peripheral equipment for 
performing equipment management in accordance with a 
received equipment management command, wherein said 
program includes: 

a procedure for decrypting an access ticket 
included in said equipment management command; 

a procedure for storing said decrypted access 
ticket included in the equipment management command; 

a procedure for issuing a session key for said 
stored access ticket; 

a procedure for obtaining said stored access 
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ticket in accordance with said session key included in 

said equipment management command; and 

a procedure for managing said equipment in 

accordance with the decrypted contents of said obtained 

access ticket. 

[Claim 31] 

A management software including a program to be 
executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing said 
peripheral equipment to perform job management, wherein 

said program includes: 

a procedure for requesting an issue of an access 

ticket to said directory server; 

a procedure for generating a job management 

command including said issued access ticket; and 

a procedure for issuing said generated job 

management command to said peripheral equipment. 
[Claim 32] 

A management software including a program to be 
executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing said 
peripheral equipment to perform job management, wherein 

said program includes: 

a procedure for requesting an issue of an access 
ticket to said directory server; 
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a procedure for setting said issued access 
ticket and generating a management command for 
obtaining a session key to issue the command to said 
peripheral equipment; and 

a procedure for generating a job management 
command including said obtained session key to issue 
said command to said peripheral equipment. 

[Claim 33] 

The management software according to claim 27, 
28, 31 or 32, wherein said job management command is a 
command for canceling the instructed job. 
[Claim 34] 

The management software according to claim 27, 
28, 31 or 32, wherein said job management command is a 
command for obtaining job information in said 
peripheral equipment . 

[Claim 35] 

A management software including a program to be 
executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing said 
peripheral equipment to perform equipment management, 
wherein said program includes: 

a procedure for requesting an issue of an access 

ticket to said directory server; 

a procedure for generating an equipment 

management command including said issued access ticket; 
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and 

a procedure for issuing said generated equipment 
management command to said peripheral equipment. 
[Claim 36] 

A management software including a program to be 
executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing said 
peripheral equipment to perform equipment management, 
wherein said program includes: 

a procedure for requesting an issue of an access 
ticket to said directory server; 

a procedure for setting said issued access 
ticket and generating a management command for 
obtaining a session key to issue the command to said 
peripheral equipment; and 

a procedure for generating an equipment 
management command including said obtained session key 
to issue said command to said peripheral equipment. 

[Claim 37] 

A storage medium storing a program to be 
executed by a computer in peripheral equipment for 
managing a job sent from an external device in 
accordance with a received job management command, 
wherein said program includes: 

a procedure for decrypting an access ticket 
included in said job; 
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a procedure for decrypting an access ticket 
included in the job management command; and 

a procedure for managing said job in accordance 

with the decrypted contents of the access ticket 

included in said job and the access ticket included in 

said job management command. 
[Claim 38] 

A storage medium storing a program to be 
executed by a computer in peripheral equipment for 
managing a job sent from an external device in 
accordance with a received job management command, 
wherein said program includes: 

a procedure for decrypting an access ticket 
included in said job; 

a procedure for decrypting an access ticket 
included in the job management command; 

a procedure for storing said decrypted access 
ticket included in the job management command; 

a procedure for issuing a session key for said 
stored access ticket; 

a procedure for obtaining said stored access 
ticket in accordance with said session key included in 
said job management command; and 

a procedure for managing said job in accordance 
with the decrypted contents of the access ticket 
included in said job and said obtained access ticket. 

[Claim 39] 
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A storage medium storing a program to be 
executed by a computer in peripheral equipment for 
performing equipment management in accordance with a 
received equipment management command, wherein said 
program includes: 

a procedure for decrypting an access ticket 
included in said equipment management command; and 

a procedure for managing said equipment in 

accordance with the decrypted contents of the access 

ticket included in said equipment management command. 
[Claim 40] 

A storage medium storing a program to be 
executed by a computer in peripheral equipment for 
performing equipment management in accordance with a 
received equipment management command, wherein said 
program includes: 

a procedure for decrypting an access ticket 
included in said equipment management command; 

a procedure for storing said decrypted access 
ticket included in the equipment management command; 

a procedure for issuing a session key for said 
stored access ticket; 

a procedure for obtaining said stored access 
ticket in accordance with said session key included in 
said equipment management command; and 

a procedure for managing said equipment in 
accordance with the decrypted contents of said obtained 
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access ticket. 

[Claim 41] 

A storage medium storing a program to be 
executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing said 
peripheral equipment to perform job management, wherein 
said program includes: 

a procedure for requesting an issue of an access 

ticket to said directory server; 

a procedure for generating a job management 

command including said issued access ticket; and 

a procedure for issuing said generated job 

management command to said peripheral equipment. 
[Claim 42] 

A storage medium storing a program to be 
executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing said 
peripheral equipment to perform job management, wherein 
said program includes: 

a procedure for requesting an issue of an access 
ticket to said directory server; 

a procedure for setting said issued access 
ticket and generating a management command for 
obtaining a session key to issue the command to said 
peripheral equipment; and 
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a procedure for generating a job management 
command including said obtained session key to issue 
said command to said peripheral equipment. 
[Claim 43] 

The management software according to claim 37, 
38, 41 or 42, wherein said job management command is a 
command for canceling the instructed job. 

[Claim 44] 

The management software according to claim 37, 
38, 41 or 42, wherein said job management command is a 
command for obtaining job information in said 
peripheral equipment. 

[Claim 45] 

A storage medium storing a program to be 
executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing said 
peripheral equipment to perform equipment management, 
wherein said program includes: 

a procedure for requesting an issue of an access 

ticket to said directory server; 

a procedure for generating an equipment 

management command including said issued access ticket; 

and 

a procedure for issuing said generated equipment 
management command to said peripheral equipment. 
[Claim 46] 
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A storage medium including a program to be 
executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing said 
peripheral equipment to perform equipment management, 
wherein said program includes: 

a procedure for requesting an issue of an access 
ticket to said directory server; 

a procedure for setting said issued access 
ticket and generating a management command for 
obtaining a session key to issue the command to said 
peripheral equipment; and 

a procedure for generating an equipment 
management command including said obtained session key 
to issue said command to said peripheral equipment. 
[Claim 47] 

The peripheral equipment according to claim 1 or 
2, further comprising: 

storing means for storing attribute information 
indicating a function of the equipment, a state of the 
equipment, a job state, and so on; and 

acquisition setting execution means for 
acquiring and setting the stored attribute information 
under instruction of the information processing 
apparatus connected to said network, 

wherein said attribute information includes a 
list of types of said usable directory servers. 
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[Claim 48] 

The peripheral equipment according to claim 1 or 
2, further comprising: 

storing means for storing attribute information 
indicating a function of the equipment, a state of the 
equipment, a job state, and so on; and 

acquisition setting execution means for 
acquiring and setting the stored attribute information 
under instruction of the information processing 
apparatus connected to said network, 

wherein said attribute information includes the 
type of a currently used directory server. 
[Claim 49] 

The management method according to claim 21 or 
22, further comprising: 

a step of acquiring said attribute information 
by said information processing apparatus from said 
peripheral equipment; and 

a step of sending a control command in 
accordance with said acquired attribute information, 

wherein said attribute information includes a 
list of types of said usable directory servers . 
[Claim 50] 

The management method according to claim 21 or 
22, further comprising: 

a step of acquiring said attribute information 
by said information processing apparatus from said 
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peripheral equipment; and 

a step of sending a control command in 
accordance with said acquired attribute information, 

wherein said attribute information includes the 
type of a currently used directory server. 

[Claim 51] 

The management software according to claim 31 or 
32, wherein said program comprises: 

a procedure for acquiring said attribute 
information from said peripheral equipment; and 

a procedure for sending a control command in 
accordance with said acquired attribute information, 

wherein said attribute information includes a 
list of types of said usable directory servers. 

[Claim 52] 

The management software according to claim 31 or 
32, wherein said program comprises: 

a procedure for acquiring said attribute 
information from said peripheral equipment; and 

a procedure for sending a control command in 
accordance with said acquired attribute information, 

wherein said attribute information includes the 
type of a currently used directory server. 

[Claim 53] 

The management software according to claim 31 or 
32, wherein said program comprises: 

a procedure for acquiring said attribute 
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information from said peripheral equipment; and 

a procedure for sending a control command in 

accordance with said acquired attribute information, 
wherein said attribute information includes a 

list of types of said usable directory servers. 
[Claim 54] 

The management software according to claim 31 or 
32, wherein said program comprises: 

a procedure for acquiring said attribute 
information from said peripheral equipment; and 

a procedure for sending a control command in 
accordance with said acquired attribute information, 

wherein said attribute information includes the 
type of a currently used directory server. 

[Claim 55] 

The storage medium according to claim 41 or 42, 
wherein said program comprises: 

a procedure for acquiring said attribute 
information from said peripheral equipment; and 

a procedure for sending a control command in 
accordance with said acquired attribute information, 

wherein. said attribute information includes a 
list of types of said usable directory servers. 

[Claim 56] 

The storage medium according to claim 41 or 42, 
wherein said program comprises: 

a procedure for acquiring said attribute 
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information from said peripheral equipment; and 

a procedure for sending a control command in 

accordance with said acquired attribute information, 

wherein said attribute information includes the 

type of a currently used directory server. 
[Claim 57] 

The peripheral equipment according to claim 1 o 
2, which has a console to be operated by a user, is 
connected to said directory server by using user 
information entering through said console, and further 
comprises an acquisition means for acquiring an access 
ticket for the pertinent peripheral equipment of the 
user . 

[Claim 58] 

The peripheral equipment according to claim 1 o 
2, which decrypts the access ticket included in a job 
received through said network, and is operated in 
accordance with the contents of said decrypted access 
ticket . 

[Claim 59] 

The peripheral equipment according to claim 57 
or 58, wherein said access ticket includes user 
information, which peripheral equipment comprising 
recording means for recording the number of prints 
printed in accordance with said user information and 
said job as a log. 

[Claim 60] 
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The peripheral equipment according to claim 57 
or 58, wherein said access ticket includes user 
information, which peripheral equipment comprising 
sending means for sending the number of prints printed 
in accordance with said user information and said job 
to said directory server connected through said network. 
[Claim 61] 

The peripheral equipment according to claim 57 
or 58, wherein said access ticket includes the 
permitted maximum number of prints, which peripheral 
equipment comprising : 

determining means for determining whether the 
job is to be received or not on the basis of said 
permitted maximum number of prints; and 

finishing means for finishing said job when the 
actual number of prints exceeds said permitted maximum 
number of prints. 

[Claim 62] 

The peripheral equipment according to claim 57 
or 58, wherein said access ticket includes user 
information which peripheral equipment comprising: 

obtaining means for obtaining the permitted 
maximum number of prints of the concerned user retained 
in said directory server by using said user information 
immediately before the execution of a job; 

determining means for determining whether the 
job is to be received or not on the basis of said 
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permitted maximum number of prints; and 

finishing means for finishing said job when the 
actual number of prints exceeds said permitted maximum 
number of prints. 

[Claim 63] 

The peripheral equipment according to claim 57, 
wherein said attribute information has a list of 
operation modes to be taken in the case of a failure of 
connecting to the directory server and a current 
operation mode to be taken in the case of a failure of 
connecting to the directory server, which peripheral 
equipment comprising acquisition setting execution 
means for acquiring and setting said attribute 
information under instruction of the information 
processing apparatus connected to said network. 

[Claim 64] 

The peripheral equipment according to claim 57, 
further comprising : 

comparing means for comparing user information 
temporarily stored with user information received from 
said console, 

wherein an operation mode to be taken in the 
case of a failure of connecting to the directory server 
is a mode for performing an operation when said user 
information temporarily stored and the user information 
received from said console coincide. 
[Claim 65] 
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The peripheral equipment according to claim 57, 
further comprising : 

comparing means for comparing user information 
temporarily stored with user information received from 
said console, 

wherein an operation mode to be taken in the 
case of a failure of connecting to the directory server 
is a mode for performing an operation within a 
predetermined limit period of time from normal 
acquisition of an access ticket when said user 
information temporarily stored and the user information 
received from said console coincide. 

[Claim 66] 

The peripheral equipment according to claim 57, 
further comprising : 

comparing means for comparing user information 
temporarily stored with user information received from 
said console, 

wherein an operation mode to be taken in the 
case of a failure of connecting to the directory server 
is a mode for performing an operation within a 
predetermined limit period of time from normal 
acquisition of an access ticket and within the maximum 
permitted number of prints stored in the equipment in 
advance when said user information temporarily stored 
and the user information received from said console 
coincide . 
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[Claim 67] 

The peripheral equipment according to claim 57, 
further comprising : 

comparing means for comparing user information 
temporarily stored with user information received from 
said console, 

wherein an operation mode to be taken in the 
case of a failure of connecting to the directory server 
is a mode for performing an operation within a a 
predetermined limit period of time from normal 
acquisition of an access ticket and within the maximum 
permitted number of prints for the concerned user in 
the user information temporarily stored when said user 
information temporarily stored and the user information 
received from said console coincide. 
[Claim 68] 

The peripheral equipment according to claim 57, 
further comprising : 

comparing means for comparing user information 
temporarily stored with user information received from 
said console, 

wherein an operation mode to be taken in the 
case of a failure of connecting to the directory server 
is a mode for performing an operation within the 
maximum permitted number of prints stored in the 
equipment in advance when said user information 
temporarily stored and the user information received 
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from said console coincide. 
[Claim 69] 

The peripheral equipment according to claim 57, 
further comprising : 

comparing means for comparing user information 
temporarily stored with user information received from 
said console, 

wherein an operation mode to be taken in the 
case of a failure of connecting to the directory server 
is a mode for performing an operation within the 
maximum permitted number of prints for the concerned 
user in the user information temporarily stored when 
said user information temporarily stored and the user 
information received from said console coincide. 
[Claim 70] 

The peripheral equipment according to claim 57, 
further comprising: 

comparing means for comparing user information 
temporarily stored with user information received from 
said console, 

wherein an operation mode to be taken in the 
case of a failure of connecting to the directory server 
is a mode for performing an operation within the 
maximum permitted number of prints for each user 
session stored in the equipment in advance when said 
user information temporarily stored and the user 
information received from said console coincide. 
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[Claim 71] 

The peripheral equipment according to claim 57, 
further comprising : 

comparing means for comparing user information 
temporarily stored with user information received from 
said console, 

wherein an operation mode to be taken in the 
case of a failure of connecting to the directory server 
is a mode for prohibiting the use of the peripheral 
equipment by the user. 

[Claim 72] 

The peripheral equipment according to claim 57, 
wherein the maximum permitted number of prints stored 
in the equipment in advance is reduced in proportion to 
the time from the normal acquisition of an access 
ticket . 

[Claim 73] 

The management method according to claim 17 or 
18, further comprising a step of connecting to the 
directory server by using the user information received 
from the console to acquire an access ticket to the 
peripheral equipment of the pertinent user. 

[Claim 74] 

The management method according to claim 17 or 
18, further comprising a step of decrypting the access 
ticket included in the job received through said 
network so as to operate in accordance with the 
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contents of the decrypted access ticket. 
[Claim 75] 

The management software according to claim 2 6 or 
27, wherein said program includes a procedure for 
connecting to said directory server by using the user 
information received from the console so as to obtain 
an access ticket to the peripheral equipment of the 
pertinent user. 

[Claim 76] 

The management software according to claim 2 6 or 
27, wherein said program includes a procedure for 
decrypting the access ticket included in the job 
received through said network so as to operate in 
accordance with the contents of the decrypted access 
ticket . 

[Claim 77] 

The storage medium according to claim 37 or 38, 
wherein said program includes a procedure for 
connecting to said directory server by using the user 
information received from the console so as to obtain 
an access ticket to the peripheral equipment of the 
pertinent user. 

[Claim 78] 

The storage medium according to claim 37 or 38, 
wherein said program includes a procedure for 
decrypting the access ticket included in the job 
received through said network so as to operate in 
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accordance with the contents of the decrypted access 
ticket . 

[Detailed Description of the Invention] 
[0001] 

[Field of the Industrial Utilization] 

The present invention relates to control of 
peripheral equipment such as a printer, a scanner, a 
copier and a facsimile, setting of a corresponding 
directory server, management of user information of the 
peripheral equipment, peripheral equipment for managing 
the number of prints, etc., an information processing 
apparatus, a peripheral equipment control system, a 
management method, a management software and a storage 
medium. 

[0002] 

[Prior Art] 

In the past, it was possible, in the peripheral 
equipment such as a printer, a copier, and a facsimile 

(FAX), to perform management of jobs (displaying a job 
list, canceling a specified job and so on) of which 
operation or execution is pending in the equipment from 
a computer connected to the equipment via a console of 
the equipment or a network and so on. 

[0003] 

Also, in the past, in the peripheral equipment 
capable of having a job or a control command to include 
an access ticket issued from a directory server, it is 
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required to decrypt the access ticket by using a 
cryptograph key. However, it is also required to set a 
directory server of a type corresponding to the 
peripheral equipment in advance since a cryptosystem 
used for the cryptanalysis and a format of the access 
ticket vary depending on a type of the directory server. 
[0004] 

Further, in the past, the peripheral equipment 
such as the copier and the facsimile performed user 
authentication, in order to perform user information 
management, by displaying a dialog for performing user 
authentication on the console and having user 
information inputted thereon. The user information 
obtained here was checked against a database of the 
user information managed inside the equipment so that 
use permission of the user was issued in the case where 
they coincided. Moreover, in the case where some 
printing was performed as a result of user operation, 
the number of prints was logged together with the user 
information obtained on a login or accumulated on a 
counter for each user so as to manage the number of 
prints for each user. 
[0005] 

In addition, in the past, the peripheral 
equipment such as the printer and the copier performed, 
by discrete devices, management of the numbers of 
prints such as management of the accumulated number of 
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prints for each user and limitation by the maximum 
number of prints. In this case, it was performed by 
providing in the equipment a counter for representing 
the accumulated printing, and ending printing or 
refusing to accept a job when this value becomes a 
predetermined value. 
[0006] 

[Problems to be Solved by the Invention] 

However, when the equipment which issues the job 
is different from the equipment which manages the job, 
in order to issue a print job from, for example, a 
computer to a copier and then to cancel this job 
through a console on the copier, since the information 
used for login in the computer is different from the 
information used for login in the copier, it is not 
possible to see whether or not the job is managed by 
the issuer of the job, which resultantly is a problem 
in terms of the access control in the job management. 
Also, according to the present invention, the means for 
including user information in a management command is 
used to perform a unified access control. However, the 
data size of the user information usually becomes too 
large, and the data size of the management command 
including this user information also becomes large, 
which may arise a problem on the network and the 
performance . 
[0007] 
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Still, when the type of the corresponding 
director server is to be set from a peripheral 
equipment control software operating on a computer 
connected through a network, or the like, it is 
necessary to store in advance the information 
indicating that which director server the peripheral 
equipment to be used can cope with. As a result, it is 
difficult to prepare a general-purpose peripheral 
equipment control software capable of coping with any 
type of peripheral equipment. 
[0008] 

Still further, since the user information 
management has been performed by a single piece of 
equipment, it is difficult to unify the user 
information, under the environment where a plural 
pieces of equipment are used, to be managed by these 
plural pieces of equipment. For example, there arises a 
problem that, if the plural pieces of equipment use the 
same user ID, this user ID does not always identify the 
same user. Moreover, if the maximum permitted number of 
prints is set for each user in one piece of equipment, 
this setting does not have any influence on other 
pieces of equipment. As a result, it is difficult to 
manage the maximum number of prints under such 
environment . 
[0009] 

Since the user information management has been 
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performed by a single piece of equipment, it is 
difficult to unify the user information, under the 
environment where a plural pieces of equipment are used, 
to be managed by these plural pieces of equipment. For 
example, there arises a problem that, if the plural 
pieces of equipment use the same user ID, this user ID 
does not always identify the same user. Moreover, if 
the maximum permitted number of prints is set for each 
user in one piece of equipment, this setting does not 
have any influence on other pieces of equipment. As a 
result, it is difficult to manage the maximum number of 
prints under such environment. 
[0010] 

Therefore, an object of the present invention is, 
in terms of the job management in a network environment, 
to provide peripheral equipment, an information 
processing apparatus, a peripheral equipment control 
system, a management method, management software and a 
storage media that allows a unified access control. 
Another object of the present invention is, in terms of 
job management in a network environment, to provide 
peripheral equipment, an information processing 
apparatus, a peripheral equipment control system, a 
management method, a management software and a storage 
media capable of performing the unified access control 
without deteriorating performance. 
[0011] 
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Another object of the present invention is to 
provide peripheral equipment, an information processing 
apparatus, a peripheral equipment control system, a 
management method, a management software and a storage 
media for general purpose for which the peripheral 
equipment control software to be used is not required 
to have the information on the type of corresponding 
directory server. 
[0012] 

Still another object of the present invention is 
to provide peripheral equipment, an information 
processing apparatus, a peripheral equipment control 
system, a management method, a management software and 
a storage media which perform unified management of 
user information under the environment where plural 
pieces of equipment connected to a network, or the like, 
are used and in which the same user information can be 
used by the plural pieces of equipment. Still another 
object of the present invention is to provide 
peripheral equipment, an information processing 
apparatus, a peripheral equipment control system, a 
management method, a management software and a storage 
media capable of performing centralized management of 
the accumulated number of prints for each user and the 
maximum permitted number of prints under the 
environment where plural pieces of equipment connected 
to a network, or the like, are used. Still another 
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object of the present invention is to provide 
peripheral equipment, an information processing 
apparatus, a peripheral equipment control system, a 
management method, a management software and a storage 
media capable of using the peripheral equipment 
temporarily in the case of failure of the network. 
[0013] 

[Means for Solving the Problems] 

To attain the above objects, according to claim 
1 of the present invention, there is provided 
peripheral equipment managed by a directory server 
connected through a network, for managing a job sent 
from an external device in accordance with a job 
management command received, comprising: first 
decrypting means for decrypting an access ticket 
included in the job; second decrypting means for 

decrypting an access ticket included in the job 
management command; and managing means for managing the 
job in accordance with the decrypted contents of the 
access ticket included in the job and the access ticket 
included in the job management command. 
[0014] 

According to claim 2 of the present invention, 
there is provided peripheral equipment managed by a 
directory server connected through a network, for 
managing a job sent from an external device in 
accordance with a job management command received, 
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comprising: first decrypting means for decrypting an 
access ticket included in the job; second decrypting 
means for decrypting an access ticket included in the 
job management command; storing means for storing the 
decrypted access ticket included in the job management 
command; issuing means for issuing a session key for 
the stored access ticket; obtaining means for obtaining 
the stored access ticket in accordance with the session 
key included in the job management command; and 
managing means for managing the job in accordance with 
the decrypted contents of the access ticket included in 
the job and the obtained access ticket. 
[0015] 

The peripheral equipment further comprises: 
comparing means for comparing user ID information in 
the access ticket included in the job with user ID 
information in the access ticket included in the job 
management command; and instructed operation executing 
means for performing an operation instructed by the job 
management command when the user ID information is 
identical in both access tickets. 
[0016] 

Further, the job management command described 
above is a command for canceling the instructed job. 
[0017] 

Also, the peripheral equipment is characterized 
in that the job management command is a command for 
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obtaining job information in the peripheral equipment 
and further comprises: comparing means for comparing 
user ID information in the access ticket included in 
the job with user ID information in the access ticket 
included in the job management command; and reply 
means for replying all information related to the job 
when the user ID information is identical in both 
access tickets, and for replying only a part of the 
information related to the job when the user ID 
information is not identical in the access tickets. 
[0018] 

Further, the job and the job management command 
are received through a console attached to the 
peripheral equipment or the network. 
[0019] 

According to claim 7 of the present invention, 
there is provided peripheral equipment managed by a 
directory server connected through a network, for 
managing equipment sent in accordance with an equipment 
management command received, comprising: decrypting 
means for decrypting an access ticket included in the 
job; and managing means for managing the equipment in 
accordance with the decrypted contents of the access 
ticket included in the equipment management command. 
[0020] 

According to claim 8 of the present invention, 
there is provided peripheral equipment managed by a 
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directory server connected through a network, for 
managing equipment sent in accordance with an equipment 
management command received, comprising: decrypting 
means for decrypting an access ticket included in the 
equipment management command; storing means for storing 
the decrypted access ticket included in the equipment 
management command; issuing means for issuing a session 
key for the stored access ticket; obtaining means for 
obtaining the stored access ticket in accordance with 
the session key included in the equipment management 
command; and managing means for managing the equipment 
in accordance with the decrypted contents of the 
obtained access ticket. 
[0021] 

According to claim 9 of the present invention, 
there is provided an information processing apparatus 
connected to peripheral equipment and a directory 
server through a network, for causing the peripheral 
equipment to perform job management, comprising: 
issuance requesting means for requesting an issue of an 
access ticket to the directory server; command 
generating means for generating a job management 
command including the generated access ticket; and 
command issuing means for issuing the generated job 
management command to the peripheral equipment. 
[0022] 

There is also provided an information processing 
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apparatus connected to peripheral equipment and a 
directory server through a network, for causing the 
peripheral equipment to perform job management, 
comprising: issuance requesting means for requesting an 
issue of an access ticket to the directory servers- 
first command issuing means for setting the issued 
access ticket and generating a management command for 
obtaining a session key to issue the command to the 
peripheral equipment; and second command issuing 

means for generating a job management command including 
the obtained session key to issue the command to the 
peripheral equipment . 
[0023] 

Further, the job management command described 
above is a command for canceling the instructed job. 
[0024] 

Also, the job management command described above 
is a command for obtaining job information in the 
peripheral equipment . 
[0025] 

According to claim 13 of the present invention, 
there is provided an information processing apparatus 
connected to peripheral equipment and a directory 
server through a network, for causing the peripheral 
equipment to perform equipment management, comprising: 
issuance requesting means for requesting an issue of an 
access ticket to the directory server; command 
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generating means for generating a equipment management 
command including the issued access ticket; and command 
issuing means for issuing the generated equipment 
management command to the peripheral equipment. 
[0026] 

According to claim 14 of the present invention, 
there is provided an information processing apparatus 
connected to peripheral equipment and a directory 
server through a network, for causing the peripheral 
equipment to perform equipment management, comprising: 
issuance requesting means for requesting an issue of an 
access ticket to the directory server; first command 
issuing means for setting the issued access ticket and 
generating a management command for obtaining a session 
key to issue the command to the peripheral equipment; 
and second command issuing means for generating an 
equipment management command including the obtained 
session key to issue the command to the peripheral 
equipment . 
[0027] 

According to claim 15 of the present invention, 
there is provided a peripheral equipment control system 
connected to an information processing apparatus, 
directory server and peripheral equipment through a 
network, the peripheral equipment adapted to manage a 
job sent from the information processing apparatus 
through the network, wherein: the information 
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processing apparatus comprises: issuance requesting 
means for requesting an issue of an access ticket to 
the directory server; command generating means for 
generating a job management command including the 
issued access ticket; and command issuing means for 
issuing the generated job management command to the 
peripheral equipment, and the peripheral equipment 
comprises: first decrypting means for decrypting an 
access ticket included in the job; second decrypting 
means for decrypting an access ticket included in the 
job management command; and managing means for managing 
the job in accordance with the decrypted contents of 
the access ticket included in the job and the access 
ticket included in the job management command. 
[0028] 

According to claim 16 of the present invention, 
there is provided a peripheral equipment control system 
connected to an information processing apparatus, 
directory server and peripheral equipment through a 
network, the peripheral equipment adapted to manage a 
job sent from the information processing apparatus 
through the network, wherein: the information apparatus 
comprises: issuance requesting means for requesting an 
issue of an access ticket to the directory server; 
first command issuing means for setting the issued 
access ticket and generating a management command for 
obtaining a session key to issue the command to the 
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peripheral equipment; and second command issuing means 
for generating a job management command including the 
obtained session key to issue the command to the 
peripheral equipment, and the peripheral equipment 
comprises: first decrypting means for decrypting an 
access ticket included in the job; second decrypting 
means for decrypting an access ticket included in the 
job management command; storing means for storing the 
decrypted access ticket included in the job management 
command; issuing means for issuing a session key for 
the stored access ticket; obtaining means for obtained 
the stored access ticket in accordance with the session 
key included in the job management command; and 
managing means for managing the job in accordance with 
the decrypted contents of the access ticket included in 
the job and the obtained access ticket. 
[0029] 

According to claim 17 of the present invention, 
there is provided a management method of peripheral 
equipment for managing a job sent from an external 
device in accordance with a received job management 
command, comprising: a step of decrypting an access 
ticket included in the job; a step of decrypting an 
access ticket included in the job management command; 
and a step of managing the job in accordance with the 
decrypted contents of the access ticket included in the 
job and the access ticket included in the job 
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management command . 
[0030] 

According to claim 18 of the present invention, 
there is provided a management method of peripheral 
equipment for managing a job sent from an external 
device in accordance with a received job management 
command, comprising: a step of decrypting an access 
ticket included in the job; a step of decrypting an 
access ticket included in the job management command; a 
step of storing the decrypted access ticket included in 
the job management command; a step of issuing a session 
key for the stored access ticket; a step of obtaining 
the stored access ticket in accordance with the session 
key included in the job management command; and a step 
of managing the job in accordance with the decrypted 
contents of the access ticket included in the job and 
the obtained access ticket. 
[0031] 

According to claim 19 of the present invention, 
there is provided a management method of peripheral 
equipment for performing equipment management in 
accordance with a received equipment management command, 
comprising: a step of decrypting an access ticket 
included in the equipment management command; and a 
step of managing the equipment in accordance with the 
decrypted contents of the access ticket included in the 
equipment management command. 
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[0032] 

According to claim 20 of the present invention, 
there is provided a management method of peripheral 
equipment for performing equipment management in 
accordance with a received equipment management command, 
comprising: a step of decrypting an access ticket 
included in the equipment management command; a step of 
storing the decrypted access ticket included in the 
equipment management command; a step of issuing a 
session key for the stored access ticket; a step of 
obtaining the stored access ticket in accordance with 
the session key included in the equipment management 
command; and a step of managing the equipment in 
accordance with the decrypted contents of the obtained 
access ticket. 
[0033] 

According to claim 21 of the present invention, 
there is provided a management method of an information 
processing apparatus connected to peripheral equipment 
and a directory server through a network for causing 
the peripheral equipment to execute job management, 
comprising: a step of requesting an issue of an access 
ticket to the directory server; a step of generating a 
job management command including the issued access 
ticket; and a step of issuing the generated job 
management command to the peripheral equipment. 
[0034] 
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According to claim 22 of the present invention, 
there is provided a management method of an information 
processing apparatus connected to peripheral equipment 
and a directory server through a network for causing 
the peripheral equipment to execute job management, 
comprising: a step of requesting an issue of an access 
ticket to the directory server; a step of setting the 
issued access ticket and generating a management 
command for obtaining a session key to issue the 
command to the peripheral equipment; and a step of 
generating a job management command including the 
obtained session key to issue the command to the 
peripheral equipment . 

Also, the job management command described above 
is a command for canceling the instructed job. 
[0035] 

Further, the job management command described 
above is a command for obtaining job information in the 
peripheral equipment . 
[0036] 

According to claim 25 of the present invention, 
there is provided a management method of an information 
processing apparatus connected to peripheral equipment 
and a directory server through a network for causing 
the peripheral equipment to execute equipment 
management, comprising: a step of requesting an issue 
of an access ticket to the directory server; a step of 
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generating an equipment management command including 
the issued access ticket; and a step of issuing the 
generated equipment management command to the 
peripheral equipment. 
[0037] 

According to claim 26 of the present invention, 
there is provided a management method of an information 
processing apparatus connected to peripheral equipment 
and a directory server through a communication line for 
causing the peripheral equipment to execute equipment 
management, comprising: a step of requesting an issue 
of an access ticket to the directory server; a step of 
setting the issued access ticket and generating a 
management command for obtaining a session key to issue 
the command to the peripheral equipment; and a step of 
generating an equipment management command including 
the obtained session key to issue the command to the 
peripheral equipment . 
[0038] 

According to claim 27 of the present invention, 
there is provided a management software including a 
program to be executed by a computer in peripheral 
equipment for managing a job sent from an external 
device in accordance with a received job management 
command, wherein the program includes: a procedure for 
decrypting an access ticket included in the job; a 
procedure for decrypting an access ticket included in 
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the job management command; and a procedure for 
managing the job in accordance with the decrypted 
contents of the access ticket included in the job and 
the access ticket included in the job management 
command. 
[0039] 

According to claim 28 of the present invention, 
there is provided a management software including a 
program to be executed by a computer in peripheral 
equipment for managing a job sent from an external 
device in accordance with a received job management 
command, wherein the program includes: a procedure for 
decrypting an access ticket included in the job; a 
procedure for decrypting an access ticket included in 
the job management command; a procedure for storing the 
decrypted access ticket included in the job management 
command; a procedure for issuing a session key for the 
stored access ticket; a procedure for obtaining the 
stored access ticket in accordance with the session key 
included in the job management command; and a procedure 
for managing the job in accordance with the decrypted 
contents of the access ticket included in the job and 
the obtained access ticket. 
[0040] 

According to claim 29 of the present invention, 
there is provided a management software including a 
program to be executed by a computer of peripheral 
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equipment for performing equipment management in 
accordance with a received equipment management command, 
wherein the program includes: a procedure for 
decrypting an access ticket included in the equipment 
management command; and a procedure for managing the 
equipment in accordance with the decrypted contents of 
the access ticket included in the equipment management 
command . 
[0041] 

According to claim 30 of the present invention, 
there is provided a management software including a 
program to be executed by a computer of peripheral 
equipment for performing equipment management in 
accordance with a received equipment management command, 
wherein the program includes: a procedure for 
decrypting an access ticket included in the equipment 
management command; a procedure for storing the 
decrypted access ticket included in the equipment 
management command; a procedure for issuing a session 
key for the stored access ticket; a procedure for 
obtaining the stored access ticket in accordance with 
the session key included in the equipment management 
command; and a procedure for managing the equipment in 
accordance with the decrypted contents of the obtained 
access ticket. 
[0042] 

According to claim 31 of the present invention, 
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there is provided a management software including a 
program to be executed by a computer in an information 
processing apparatus connected to peripheral equipment 
and a directory server through a network, for causing 
the peripheral equipment to perform job management, 
wherein the program includes: a procedure for requesting 
an issue of an access ticket to the directory server; a 
procedure for generating a job management command 
including the issued access ticket; and a procedure for 
issuing the generated job management command to the 
peripheral equipment . 
[0043] 

According to claim 32 of the present invention, 
there is provided a management software including a 
program to be executed by a computer in an information 
processing apparatus connected to peripheral equipment 
and a directory server through a network, for causing 
the peripheral equipment to perform job management, 
wherein the program includes: a procedure for requesting 
an issue of an access ticket to the directory server; a 
procedure for setting the issued access ticket and 
generating a management command for obtaining a session 
key to issue the command to the peripheral equipment; 
and a procedure for generating a job management command 
including the obtained session key to issue the command 
to the peripheral equipment. 
[0044] 
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Also, the job management command described above 
is a command for canceling the instructed job. 
[0045] 

Further, the job management command described 
above is a command for obtaining job information in the 
peripheral equipment . 
[0046] 

According to claim 35 of the present invention, 
there is provided a management software including a 
program to be executed by a computer in an information 
processing apparatus connected to peripheral equipment 
and a directory server through a network, for causing 
the peripheral equipment to perform equipment 
management, wherein the program includes: a procedure 
for requesting an issue of an access ticket to the 
directory server; a procedure for generating an 
equipment management command including the issued 
access ticket; and a procedure for issuing the 
generated equipment management command to the 
peripheral equipment . 
[0047] 

According to claim 36 of the present invention, 
there is provided a management software including a 
program to be executed by a computer in an information 
processing apparatus connected to peripheral equipment 
and a directory server through a network, for causing 
the peripheral equipment to perform equipment 
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management, wherein the program includes: a procedure 
for requesting an issue of an access ticket to the 
directory server; a procedure for setting the issued 
access ticket and generating a management command for 
obtaining a session key to issue the command to the 
peripheral equipment; and a procedure for generating an 
equipment management command including the obtained 
session key to issue the command to the peripheral 
equipment . 
[0048] 

According to claim 37 of the present invention, 
there is provided a storage medium storing a program to 
be executed by a computer in peripheral equipment for 
managing a job sent from an external device in 
accordance with a received job management command, 
wherein the program includes: a procedure for decrypting 
an access ticket included in the job; a procedure for 
decrypting an access ticket included in the job 
management command; and a procedure for managing the 
job in accordance with the decrypted contents of the 
access ticket included in the job and the access ticket 
included in the job management command. 
[0049] 

According to claim 38 of the present invention, 
there is provided a storage medium storing a program to 
be executed by a computer in peripheral equipment for 
managing a job sent from an external device in 



58 



accordance with a received job management command, 
wherein the program includes: a procedure for decrypting 
an access ticket included in the job; a procedure for 
decrypting an access ticket included in the job 
management command; a procedure for storing the 
decrypted access ticket included in the job management 
command; a procedure for issuing a session key for the 
stored access ticket; a procedure for obtaining the 
stored access ticket in accordance with the session key 
included in the job management command; and a procedure 
for managing the job in accordance with the decrypted 
contents of the access ticket included in the job and 
the obtained access ticket. 
[0050] 

According to claim 39 of the present invention, 
there is provided a storage medium storing a program to 
be executed by a computer in peripheral equipment for 
performing equipment management in accordance with a 
received equipment management command, wherein the 
program includes: a procedure for decrypting an access 
ticket included in the equipment management command; 
and a procedure for managing the equipment in 
accordance with the decrypted contents of the access 
ticket included in the equipment management command. 
[0051] 

According to claim 40 of the present invention, 
there is provided a storage medium storing a program to 
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be executed by a computer in peripheral equipment for 
performing equipment management in accordance with a 
received equipment management command, wherein the 
program includes: a procedure for decrypting an access 
ticket included in the equipment management command; a 
procedure for storing the decrypted access ticket 
included in the equipment management command; a 
procedure for issuing a session key for the stored 
access ticket; a procedure for obtaining the stored 
access ticket in accordance with the session key 
included in the equipment management command; and a 
procedure for managing the equipment in accordance with 
the decrypted contents of the obtained access ticket. 
[0052] 

According to claim 41 of the present invention, 
there is provided a storage medium storing a program to 
be executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing the 
peripheral equipment to perform job management, wherein 
the program includes: a procedure for requesting an 
issue of an access ticket to the directory server; a 
procedure for generating a job management command 
including the issued access ticket; and a procedure for 
issuing the generated job management command to the 
peripheral equipment . 
[0053] 
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According to claim 42 of the present invention, 
there is provided a storage medium storing a program to 
be executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing the 
peripheral equipment to perform job management, wherein 
the program includes: a procedure for requesting an 
issue of an access ticket to the directory server; a 
procedure for setting the issued access ticket and 
generating a management command for obtaining a session 
key to issue the command to the peripheral equipment; 
and a procedure for generating a job management command 
including the obtained session key to issue the command 
to the peripheral equipment. 
[0054] 

Also, the job management command described above 
is a command for canceling the instructed job. 
[0055] 

Further, the job management command described 
above is a command for obtaining job information in the 
peripheral equipment . 
[0056] 

According to claim 45 of the present invention, 
there is provided a storage medium storing a program to 
be executed by a computer in an information processing 
apparatus connected to peripheral equipment and a 
directory server through a network, for causing the 
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peripheral equipment to perform equipment management, 
wherein the program includes: a procedure for 
requesting an issue of an access ticket to the 
directory server; a procedure for generating an 
equipment management command including the issued 
access ticket; and a procedure for issuing the 
generated equipment management command to the 
peripheral equipment . 
[0057] 

According to claim 46 of the present invention, 
there is provided a storage medium including a program 
to be executed by a computer in an information 
processing apparatus connected to peripheral equipment 
and a directory server through a network, for causing 
the peripheral equipment to perform equipment 
management, wherein the program includes: a procedure 
for requesting an issue of an access ticket to the 
directory server; a procedure for setting the issued 
access ticket and generating a management command for 
obtaining a session key to issue the command to the 
peripheral equipment; and a procedure for generating an 
equipment management command including the obtained 
session key to issue the command to the peripheral 
equipment . 
[0058] 

According to claim 47 of the present invention, 
there is provided a peripheral equipment comprising: 
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storing means for storing attribute information 
indicating a function of the equipment, a state of the 
equipment, a job state, and so on; and acquisition 
setting execution means for acquiring and setting the 
stored attribute information under instruction of the 
information processing apparatus connected to the 
network, wherein the attribute information includes a 
list of types of the usable directory servers. 
[0059] 

The peripheral equipment further comprises: 
storing means for storing attribute information 
indicating a function of the equipment, a state of the 
equipment, a job state, and so on; and acquisition 
setting execution means for acquiring and setting the 
stored attribute information under instruction of the 
information processing apparatus connected to the 
network, and is characterized in that the attribute 
information includes the type of a currently used 
directory server. 
[0060] 

The management method further comprises: a step 
of acquiring the attribute information by the 
information processing apparatus from the peripheral 
equipment; and a step of sending a control command in 
accordance with the acquired attribute information, and 
is characterized in that the attribute information 
includes a list of types of the usable directory 
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servers . 
[0061] 

The management method further comprises: a step 
of acquiring the attribute information by the 
information processing apparatus from the peripheral 
equipment; and a step of sending a control command in 
accordance with the acquired attribute information, and 
is characterized in that the attribute information 
includes the type of a currently used directory server. 
[0062] 

Further, the management software is 
characterized in that the program described above 
comprises: a procedure for acquiring the attribute 
information from the peripheral equipment; and a 
procedure for sending a control command in accordance 
with the acquired attribute information, and the 
attribute information includes a list of types of the 
usable directory servers. 
[0063] 

Also, the management software is characterized 
in that the program described above comprises a 
procedure for acquiring the attribute information from 
the peripheral equipment; and a procedure for sending a 
control command in accordance with the acquired 
attribute information, and the attribute information 
includes the type of a currently used directory server. 
[0064] 
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Further, the management software is 
characterized in that the program described above 
comprises a procedure for acquiring the attribute 
information from the peripheral equipment; and a 
procedure for sending a control command in accordance 
with the acquired attribute information, and the 
attribute information includes a list of types of the 
usable directory servers. 
[0065] 

Also, the management software is characterized 
in that the program described above comprises a 
procedure for acquiring the attribute information from 
the peripheral equipment; and a procedure for sending a 
control command in accordance with the acquired 
attribute information, and is characterized in that the 
attribute information includes the type of a currently 
used directory server. 
[0066] 

Further, the storage medium is characterized in 
that the program comprises a procedure for acquiring 
the attribute information from the peripheral 
equipment; and a procedure for sending a control 
command in accordance with the acquired attribute 
information, and the attribute information includes a 
list of types of the usable directory servers. 
[0067] 

Also, the storage medium is characterized in 
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that the program comprises a procedure for acquiring 
the attribute information from the peripheral 
equipment; and a procedure for sending a control 
command in accordance with the acquired attribute 
information, and the attribute information includes the 
type of a currently used directory server. 
[0068] 

Further, the peripheral equipment is 
characterized by having a console to be operated by a 
user, is connected to the directory server by using 
user information entering through the console, and 
further comprises an acquisition means for acquiring an 
access ticket for the pertinent peripheral equipment of 
the user. 
[0069] 

Also, the peripheral equipment is characterized 
by decrypting the access ticket included in a job 
received through the network, and by being operated in 
accordance with the contents of the decrypted access 
ticket . 
[0070] 

Further, the peripheral equipment is 
characterized in that the access ticket includes user 
information, and by comprising recording means for 
recording the number of prints printed in accordance 
with the user information and the job as a log. 
[0071] 
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Also, the peripheral equipment is characterized 
in that the access ticket includes user information, 
and by comprising sending means for sending the number 
of prints printed in accordance with the user 
information and the job to the directory server 
connected through the network. 
[0072] 

Further, the peripheral equipment is 
characterized in that the access ticket includes the 
permitted maximum number of prints, and by comprising 
determining means for determining whether the job is to 
be received or not on the basis of the permitted 
maximum number of prints and finishing means for 
finishing the job when the actual number of prints 
exceeds the permitted maximum number of prints. 
[0073] 

Also, the peripheral equipment is characterized 
in that the access ticket includes user information and 
by comprising obtaining means for obtaining the 
permitted maximum number of prints of the concerned 
user retained in the directory server by using the user 
information immediately before the execution of a job, 
determining means for determining whether the job is to 
be received or not on the basis of the permitted 
maximum number of prints, and finishing means for 
finishing the job when the actual number of prints 
exceeds the permitted maximum number of prints. 
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[0074] 

Further, the peripheral equipment is 
characterized in that the attribute information has a 
list of operation modes to be taken in the case of a 
failure of connecting to the directory server and a 
current operation mode to be taken in the case of a 
failure of connecting to the directory server; and by 
comprising acquisition setting execution means for 
acquiring and setting the attribute information under 
instruction of the information processing apparatus 
connected to the network. 
[0075] 

Also, the peripheral equipment comprises 
comparing means for comparing user information 
temporarily stored with user information received from 
the console, and is characterized in that an operation 
mode to be taken in the case of a failure of connecting 
to the directory server is a mode for performing an 
operation when the user information temporarily stored 
and the user information received from the console 
coincide . 
[0076] 

Further, the peripheral equipment comprises 
comparing means for comparing user information 
temporarily stored with user information received from 
the console, and is characterized in that an operation 
mode to be taken in the case of a failure of connecting 
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to the directory server is a mode for performing an 
operation within a predetermined limit period of time 
from normal acquisition of an access ticket when the 
user information temporarily stored and the user 
information received from the console coincide. 
[0077] 

Also, the peripheral equipment further comprises 
comparing means for comparing user information 
temporarily stored with user information received from 
the console, and is characterized in that an operation 
mode to be taken in the case of a failure of connecting 
to the directory server is a mode for performing an 
operation within a predetermined limit period of time 
from normal acquisition of an access ticket and within 
the maximum permitted number of prints stored in the 
equipment in advance when the user information 
temporarily stored and the user information received 
from the console coincide. 
[0078] 

Further, the peripheral equipment comprises 
comparing means for comparing user information 
temporarily stored with user information received from 
the console, and is characterized in that an operation 
mode to be taken in the case of a failure of connecting 
to the directory server is a mode for performing an 
operation within a a predetermined limit period of time 
from normal acquisition of an access ticket and within 
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the maximum permitted number of prints for the 
concerned user in the user information temporarily 
stored when the user information temporarily stored and 
the user information received from the console coincide. 
[0079] 

Also, the peripheral equipment further comprises 
comparing means for comparing user information 
temporarily stored with user information received from 
the console, and is characterized in that an operation 
mode to be taken in the case of a failure of connecting 
to the directory server is a mode for performing an 
operation within the maximum permitted number of prints 
stored in the equipment in advance when the user 
information temporarily stored and the user information 
received from the console coincide. 
[0080] 

Further, the peripheral equipment further 
comprises comparing means for comparing user 
information temporarily stored with user information 
received from the console, and is characterized in that 
an operation mode to be taken in the case of a failure 
of connecting to the directory server is a mode for 
performing an operation within the maximum permitted 
number of prints for the concerned user in the user 
information temporarily stored when the user 
information temporarily stored and the user information 
received from the console coincide. 
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[0081] 

Also, the peripheral equipment further comprises 
comparing means for comparing user information 
temporarily stored with user information received from 
the console, and is characterized in that an operation 
mode to be taken in the case of a failure of connecting 
to the directory server is a mode for performing an 
operation within the maximum permitted number of prints 
for each user session stored in the equipment in 
advance when the user information temporarily stored 
and the user information received from the console 
coincide . 
[0082] 

Further, the peripheral equipment further 
comprises comparing means for comparing user 
information temporarily stored with user information 
received from the console, and is characterized in that 
an operation mode to be taken in the case of a failure 
of connecting to the directory server is a mode for 
prohibiting the use of the peripheral equipment by the 
user . 
[0083] 

Also, the maximum permitted number of prints 
stored in the equipment in advance is reduced in 
proportion to the time from the normal acquisition of 
an access ticket. 
[0084] 
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Further, the management method further comprises 
a step of connecting to the directory server by using 
the user information received from the console to 
acquire an access ticket to the peripheral equipment of 
the pertinent user. 
[0085] 

Also, the management method further comprises a 
step of decrypting the access ticket included in the 
job received through the network so as to operate in 
accordance with the contents of the decrypted access 
ticket . 
[0086] 

Further, the program described above includes a 
procedure for connecting to the directory server by 
using the user information received from the console so 
as to obtain an access ticket to the peripheral 
equipment of the pertinent user. 
[0087] 

Also, the program described above includes a 
procedure for decrypting the access ticket included in 
the job received through the network so as to operate 
in accordance with the contents of the decrypted access 
ticket . 
[0088] 

Further, the program described above includes a 
procedure for connecting to the directory server by 
using the user information received from the console so 
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as to obtain an access ticket to the peripheral 

equipment of the pertinent user. 

[0089] 

Also, the program described above includes a 
procedure for decrypting the access ticket included in 
the job received through the network so as to operate 
in accordance with the contents of the decrypted access 
ticket . 
[0090] 

[Description of the Preferred Embodiments] 

Embodiments of peripheral equipment, an 
information processing apparatus, a peripheral 
equipment control system, a management method, a 
management software and a storage medium of the present 
invention will be described below by referring to the 
drawings . 

[0091] 
(First Embodiment) 

FIG. 1 is a block diagram showing a 
configuration of a peripheral equipment control system 
according to a first embodiment. In the drawing, 
reference numerals 1 and 5 denote peripheral equipment 
MFP(l) and an MFP(2), respectively (hereafter uniformly 
referred to as the MFP(l) 1 and the MFP(2) 5). In 
addition, reference numerals 2, 3 and 4 denote personal 
computers described as personal computers including a 
PC(1), a PC (2) and a PC (3), respectively (hereafter 
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uniformly referred to as the PC(1) 2, the PC (2) 3 and 
the PC (3) 4). The PC(1) 2, the PC (2) 3 and the PC (3) 4 
are connected to the MFP{1) 1 and the MFP(2) 5 by way 
of a network 10 or a local interface respectively. On 
the PC(1) 2, the PC (2) 3 and the PC (3) 4, peripheral 
equipment control software related to the present 
invention operates and requests the MFP(l) 1 to process 
the jobs such as a print, a scan, a copy or a fax 
transmission and reception or inquire about attribute 
information of the MFP(l) 1 and the MFP(2) 5. 
[0092] 

In addition, reference numeral 6 denotes a 
directory server having a centralized management 
function of user information and device information on 
the network 10, and is comprised of a personal computer 
and so on. This directory server 6 also has a KDC (Key 
Distribution Server) function in a Kerberos protocol 
(RFC1510) and issues a TGT (Ticket Generation Ticket) 
ticket and an access ticket required for accessing a 
specified resource in compliance with regulations of 
the Kerberos protocol. 
[0093] 

Moreover, this directory server 6 is supposed to 
have an MFP(l) 1 and an MFP(2) 5 already registered. 
This data can be referred to and updated from a PC(1) 2 
and a PC (2) 3 by using an LDAP protocol (RFC1777). Each 
piece of the user information managed in the directory 
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server 6 includes a user name, a password, the 
permitted number of prints of the user and the 
accumulated number of prints of the user. In addition, 
each piece of the device information managed in the 
directory server 6 includes a device name and a 
cryptograph key. 
[0094] 

FIG. 2 is a block diagram showing a 
configuration of the peripheral equipment (the MFP(l) 1 
and the MFP(2) 5). In the diagram, reference numeral 11 
denotes a controller for controlling the peripheral 
equipment. Reference numeral 12 denotes a communication 
interface for the controller 11 to communicate with the 
outside of the peripheral equipment, which is an 
Ethernet interface, an IEEE1284 interface or another 
communication interface for instance. 
[0095] 

Reference numeral 13 denotes a scanner engine 
and is controlled by the controller 11. Reference 
numeral 14 denotes a printer engine and is controlled 
by the controller 11, and for instance, it is a laser 
beam printer, an ink jet printer or another printer. 
[0096] 

Reference numeral 15 denote s a FAX board for 
implementing a FAX function of performing communication 
control such as sending and receiving images, and is 
controlled by the controller 11. Reference numeral 16 
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denotes a user interface comprised of an LCD display 
and a keyboard, and displays information from the 
controller 11 and communicates an instruction from the 
user to the controller 11. 
[0097] 

The peripheral equipment having such a 
configuration selects a printer engine 14 and allows a 
print job to be issued. In addition, it selects the 
printer engine 14 and a scanner engine 13 to allow a 
co Py j°b to be issued. Moreover, it selects the printer 
engine 14, the scanner engine 13 and the FAX board 15 
to allow a FAX reception job and a FAX transmission job 
to be issued. 
[0098] 

FIG. 3 is a block diagram showing a hardware 
configuration of the controller 11. The controller 11 
is mutually connected via a system bus 20 with a CPU 21, 
a RAM 22, an LCD 23, a keyboard 24, a ROM 25, a 
communication interface 26, a scanner engine 27, a 
printer engine 28, a FAX board 29 and a disk 30. 
[0099] 

A program for controlling the controller 11 is 
stored in the ROM 25 or the disk 30, and is read by the 
RAM 22 as required and executed by the CPU 21. Also, 
the ROM 25 or the disk 30 has attribute information 
showing the peripheral equipment and functions and 
states of the jobs to be processed by the peripheral 
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equipment and job data to be outputted and so on stored 
in addition to the control program. Moreover, the CPU 
21 produces a display on the LCD 23 and is instructed 
by the user from the keyboard 24. In addition, the CPU 
21 performs communication with the outside through the 
interface 26. 
[0100] 

In the peripheral equipment (FIG. 2) according 
to this embodiment, unless specifically noted otherwise, 
the CPU 21 receives the user-input from the keyboard 24 
via the system bus 20 and controls the RAM 22, the LCD 
23, the ROM 25, the communication interface 26, the 
scanner engine 27, the printer engine 28, the FAX board 
29 and the disk 30. 
[0101] 

FIG. 4 is a block diagram showing the hardware 
configuration of the PC constituting a network system. 
On the PC, a CPU 31, a RAM 32, a CRT 33, a keyboard 34, 
a pointing device 35, a ROM 36, a disk 37 and a 
communication interface 38 are mutually connected via a 
system bus 40. The program for controlling the PC is 
stored in the ROM 36 or the disk 37, and is read by the 
RAM 32 as required and executed by the CPU 31. Moreover, 
the CPU 31 produces a display through the CRT 33 and is 
instructed by the user from the keyboard 34 and the 
pointing device 35. In addition, the CPU 31 performs 
communication with the outside through the 
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communication interface 38. 
[0102] 

In the PC according to this embodiment, unless 
specifically noted otherwise, the CPU 31 receives the 
user-input from the keyboard 34 or the pointing device 
35 via the system bus 40 and controls the RAM 32, the 
CRT 33, the ROM 36, the disk 37 and the communication 
interface 38. In addition, the user's instruction to 
the peripheral equipment and display of information to 
the user may be performed either through a local user 
interface 16 or through the device to be a client 
connected to the network 10 such as the PC(1) 2, the 
PC (2) 3 and the PC (3) 4 . 
[0103] 

FIG. 5 is a diagram showing the attribute 
information held by the MFP(l) 1. While the MFP(2) 5 
has the same data structure as the MFP(l) 1, values 
held thereby are different. Such information is held by 
the ROM 25, the RAM 22 and the disk 30, and the 
individual attribute information may be obtained or set 
from the PC(1) 2, the PC (2) 3 and the PC (3) 4 by the 
process mentioned later. 
[0104] 

In the diagram, 301 is a "Supported User 
Management Mode List" attribute, and holds a plurality 
of values as a list, that is, "No User Management," 
"Password, " "User ID, " "User ID and Password" and "Join 
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Security Domain." 
[0105] 

Reference numeral 302 denotes a "Current User 
Management Mode" attribute, and holds "Join Security 
Domain" as the value. Reference numeral 303 denotes an 
"Adaptive Directory Server Type List" attribute, and 
holds a plurality of values as the list, that is, 
"Standard LDAP Server," "Active Directory (MS)," "NDS 
(Novell)" and "Open LDAP." 
[0106] 

Reference numeral 304 denotes a "Current 
Directory Server Type" attribute, and holds "Active 
Directory (MS)" as the value. Reference numeral 305 
denotes a "Current Directory Server IP Address" 
attribute, and holds "123. 56. 54. 21" as the value. 
Reference numeral 306 denotes a "Cryptograph key" 
attribute, and holds "Ox34q4bf f cdcaOOl" as the value. 
This value becomes effective in the case where the 
"Current User Management Mode" attribute is "Join 
Security Domain, 11 and is used to interpret the access 
ticket issued from the directory server 6. 
[0107] 

Reference numeral 307 denotes a "Permission to 
Use in case of Inaccessible Directory Server" attribute, 
and holds "TRUE" as the value. Reference numeral 308 
denotes a "Limit Types for Use in case of Inaccessible 
Directory Server" attribute, and holds a plurality of 
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values as the list, that is, M No Limit," "Time," "Time 
and Fixed Max No. of Prints," "Time and Max No. of 
Prints," "Fixed Max No. of Prints," "Max No. of Prints" 
and "For each Login." 
[0108] 

Reference numeral 309 denotes a "Current Limit 
Types for Use in case of Inaccessible Directory Server" 
attribute, and holds "Time" as the value. Reference 
numeral 310 denotes a "Time Limit" attribute, and holds 
"48 Hours" as the value. Reference numeral 311 denotes 
a "Daily Reduction Ratio of Max No. of Prints" 
attribute, and holds "30" as the value. Reference 
numeral 312 denotes a "Max No. of Prints" attribute, 
and holds "100" as the value. Reference numeral 313 
denotes a "Max No. of Prints for each Login" attribute, 
and holds "20" as the value. 
[0109] 

FIG . 6 is a flowchart showing the procedure for 
displaying and/or changing a user management mode of 
the MFP(l) 1 from the PC(1) 2, the PC (2) 3 and the 
PC (3) 4. This processing program runs on the PC(1) 2, 
the PC (2) 3 and the PC (3) 4. First, it obtains 
attribute information 301 of the MFP(l) 1 (step S1701). 
This attribute information is obtained by sending an 
attribute acquisition command from the PC(1) 2, the 
PC (2) 3 and the PC (3) 4 to the MFP(l) 1 and processing 
this command on the MFP(l) 1. And it displays the 
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obtained attribute information on the CRT 33 (step 
S1702) . Furthermore, it obtains a "Current User 
Management Mode" attribute 302 that is the attribute 
information (step S1703) and displays it on the CRT 33 
(step S1704) . 
[0110] 

It waits for the user-input (step S1705) , and 
sets the "Current User Management Mode" attribute 302 
that is the attribute information (step S1706) 
according to the user-input to finish the process. This 
attribute information is set by sending an attribute 
setting command from the PC(1) 2, the PC (2) 3 and the 
PC (3) 4 to the MFP(l) 1 and processing this command on 
the MFP(l) 1. 
[0111] 

FIG. 7 is a diagram showing a user interface 
screen displayed on the CRT 33 in the state of waiting 
for user-input in a step S1705. In the diagram, 101 
indicates a list of the user management modes 
(attribute 301) that can be selected by the user. The 
attribute 302 of the currently set user management mode 
is in reverse video in 102 in the diagram. The user 
selects a desired user management mode and puts it in 
reverse video, and presses an OK button 103 to execute 
the process of the step S1706 and perform setting of 
the user management mode. 
[0112] 
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Moreover, the procedure in FIG. 6 may be 
performed by, instead of the PCs, the controller 11 of 
the MFP(l) 1 itself of which user management mode is to 
be changed, and the display in FIG. 7 may also be 
performed on the user interface 16 included in the MFP. 
It may also be performed and/or displayed on the other 
MFP(2) 5. 
[0113] 

FIG. 8 is a flowchart showing an operating 
procedure for displaying and/or changing a directory 
server corresponding to the MFP(l) 1 from the PC(1) 2, 
the PC (2) 3 and the PC (3) 4. This procedure is 
performed on the PC(1) 2, the PC (2) 3 and the PC (3) 4. 
[0114] 

First, attribute information 303 is obtained 
(step S1801) . This attribute information is obtained by 
sending the attribute acquisition command from the 
PC(1) 2, the PC (2) 3 and the PC (3) 4 to the MFP(l) 1 
and processing this command on the MFP(l) 1 following 
the procedure mentioned later. And the obtained 
attribute information is displayed on the CRT 33 (step 
S1802) . 
[0115] 

Furthermore, attribute information 304 is 
obtained (step S1803) and the obtained attribute 
information is displayed on the CRT 33 (step S1804) . 
Attribute information 305 is obtained (step S1805) and 
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the obtained attribute information 305 is displayed on 

the CRT 33 (step S1806) . 

[0116] 

The user-input is waited for (step S1807), and 
attribute information 304 and 305 is set according to 
the user-input (step S1808) . This attribute information 
is set by sending an attribute setting command from the 
PC(1) 2, the PC (2) 3 and the PC (3) 4 to the MFP(l) 1 
and processing this command on the MFP(l) 1 following 
the procedure mentioned later. 
[0117] 

FIG , 9 is a diagram showing the user interface 
screen displayed on the CRT 33 in the state of waiting 
for user-input in a step S1807. In the diagram, 201 
indicates the list of the directory server types 
(attribute 303) that can be selected by the user. The 
currently set directory server type (attribute 304) is 
in reverse video in 202 in the diagram. Moreover, an IP 
address 305 of the currently set directory server is 
displayed in an address division 203. The user selects 
a desired directory server type and puts it in reverse 
video, inputs a desired IP address in the address 
division 203, and presses an OK button 204 to execute 
the process of the step S1808 and perform setting of 
the corresponding directory server. 
[0118] 

Moreover, the process shown in FIG. 8 may be 
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performed by, instead of the PCs, the controller 11 of 
the MFP(l) 1 itself of which set directory server is to 
be changed, and the display shown in FIG. 9 may also be 
performed by the user interface 16 included in the MFP. 
It may also be performed and/or displayed on the other 
MFP(2) 5. 
[0119] 

FIG. 10 is a flowchart showing the procedure for 
displaying and/or changing from the PC(1) 2, the PC (2) 
3 and the PC (3) 4 how to permit a login in the case 
where the MFP(l) cannot be connected to the directory 
server 6. This procedure is performed on the PC(1) 2, 
the PC (2) 3 and the PC (3) 4. 
[0120] 

First, a "Limit Types for Use in case of 
Inaccessible Directory Server" attribute 308 that is 
the attribute information is obtained (step S2201) . The 
attribute information is obtained by sending the 
attribute acquisition command from the PC(1) 2, the 
PC (2) 3 and the PC (3) 4 to the MFP(l) 1 and processing 
this command on the MFP(l) 1 following the procedure 
mentioned later. And the obtained attribute information 
is displayed on the CRT 33 (step S2202). 
[0121] 

A "Current Limit Type for Use in case of 
Inaccessible Directory Server" attribute 309 that is 
the attribute information is obtained (step S2203) and 
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the obtained attribute information is displayed on the 
CRT 33 (step S2204) . Furthermore, a "Permission to Use 
in case of Inaccessible Directory Server" attribute 307 
that is the attribute information is obtained (step 
S2205) . The obtained attribute information is displayed 
on the CRT 33 (step S2206) . 
[0122] 

The user-input is waited for (step S2207), and 
attribute information 309 and 307 is set according to 
the user-input (step S2208) to finish the process. The 
attribute information is set by sending the attribute 
setting command from the PC(1) 2, the PC (2) 3 and the 
PC (3) 4 to the MFP(l) 1 and processing this command on 
the MFP(l) 1 following the procedure mentioned later. 
[0123] 

FIG. 11 is a diagram showing the user interface < 
screen displayed on the CRT 33 in the state of waiting 
for the user-input in a step S2207. In the diagram, 
2102 indicates the contents of the "Limit Types for Use 
in case of Inaccessible Directory Server" attribute 308, 
and the value of the "Current Limit Type for Use in 
case of Inaccessible Directory Server" attribute 309 is 
in reverse video in 2103 in the diagram. Moreover, the 
value of the "Permission to Use in case of Inaccessible 
Directory Server" attribute 307 is displayed in a check 
box 2101. The user performs a desired setting and then 
presses an OK button 2104 to execute the process of the 
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step S2208 and perform setting of the attribute 

information . 

[0124] 

Moreover, the process shown in FIG. 10 may be 
performed by, instead of the PCs, the controller 11 of 
the MFP(l) 1 itself of which setting is to be changed, 
and the display shown in FIG. 11 may also be performed 
by the user interface 16 included in the MFP. 
Furthermore, it may be performed and/or displayed on 
the other MFP (2) 5. 
[0125] 

FIGS. 12 and 13 are flowcharts showing the 
procedure for issuing a print job, a scanner job, a fax 
transmission job or a copy job from the PC(1) 2, the 
PC (2) 3 and the PC (3) 4 to the MFP(l) 1. This procedure 
is performed on the PC(1) 2, the PC (2) 3 and the PC (3) 
4 . 

[0126] 

First, the "Current User Management Mode" 
attribute 302 that is the attribute information held by 
the MFP(l) 1 is obtained (step S401) . It is determined 
whether or not the value of the attribute information 
302 is "No User Management" (step S402) . In the case 
where it is "No User Management" as a result of the 
determination, other information required for the job 
is set on the job, and then the job is issued to the 
MFP(l) 1 (step S403) . Then the process is finished. 
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[0127] 

On the other hand, in the case where it is "User 
Management" in the step S402, it is determined whether 
or not the value of the attribute information 302 is 
"Password" (step S404) . In the case where it is 
"Password" as a result of the determination, the user 
interface screen prompting for the password is 
displayed on the CRT 33 (step S405) . And in the step 

5403, other information required for the inputted 
password and the job is set on the job, and then the 
job is issued to the MFP(l) 1. 

[0128] 

On the other hand, in the case where it is not 
"Password" as a result of the determination in the step 

5404, it is determined whether or not the value of the 
attribute information 302 is "User ID" (step S406) . In 
the case where it is "User ID" as a result of the 
determination, the user interface screen prompting for 
the user ID is displayed on the CRT 33 (step S407) . And 
in the step S403, other information required for the 
inputted user ID and the job is set on the job, and 
then the job is issued to the MFP(l) 1. 

[0129] 

On the other hand, in the case where it is not 
"User ID" as a result of the determination in the step 
S406, it is determined whether or not the value of the 
attribute information 302 is "User ID and Password" 
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(step S408) . In the case where it is "User ID and 
Password" as a result of the determination, the user 
interface screen prompting for the user ID and password 
is displayed on the CRT 33 (step S409) . And in the step 
S403, other information required for the inputted user 
ID, password and the job is set on the job, and then 
the job is issued to the MFP(l) 1. 
[0130] 

On the other hand, in the case where it is not 
"User ID and Password" as a result of the determination 
in the step S408, it is determined whether or not the 
user has already logged in to a security domain managed 
by the directory server 6 on the PC being used (step 
S410) . This determination is made by inquiring of an 
operating system of the PC being used. In the case 
where the user has not logged in as a result of the 
determination, the user interface screen prompting for 
the user ID and password is displayed on the CRT 33 
(step S411), and the information is sent to the 
directory server 6 by using the Kerberos protocol so as 
to obtain TGT (Ticket Generation Ticket) information 
(step S413) . 
[0131] 

On the other hand, in the case where the user 
has already logged in as a result of the determination 
in the step S410, the TGT used in a current session is 
requested of the operating system and is obtained (step 
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S412) . 
[0132] 

The TGT obtained in the step S412 or S413 is 
used to obtain the permitted number of prints 
information of the user falling under the user name 
held by the operating system or the user name inputted 
in the step S411 from the directory server 6 by the 
Kerberos protocol and the LDAP protocol (step S414) . 
[0133] 

It is determined thereafter whether or not the 
permitted number of prints is one or more (step S415) , 
and in the case where it cannot be printed since it is 
less than one as a result of the determination, the 
user interface screen representing that the job cannot 
be issued is displayed on the CRT 33 (step S416) to 
finish the process. 
[0134] 

On the other hand, in the case where printing is 
possible with the permitted number of prints of one or 
more as a result of the determination in the step S415, 
the TGT obtained in the step S412 or S413 and a 
parameter of an identifier identifying the MFP(l) 1 of 
the job issue destination are sent to the directory 
server 6 by the Kerberos protocol to obtain the access 
ticket for the MFP(l) 1 (step S417). The access ticket 
obtained here has the information on the user name, the 
user ID, the user's permitted number of prints and its 
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expiration date that is encrypted by cryptograph key 
attribute information 306 of the MFP(l) 1. A data 
format in the access ticket and encryption (algorithm) 
to be used are uniquely determined in advance according 
to the currently corresponding directory server type 
(attribute information 304) . 
[0135] 

And the access ticket obtained in the step S417 
and the other information required for the job are set 
on the job, and then the job is issued to the MFP(l) 1 
(step S418) to finish the process. 
[0136] 

FIG. 14 is a flowchart showing the procedure for 
issuing the job in the step S403. First, the parameter 
of the attribute setting command for the attribute 
required for the job is set (step S502) . This parameter 
is comprised of an attribute name of a setting subject 
and the value therefor. The attribute setting command 
created in the step S502 is sent to the MFP(l) 1 (step 
S503) . It is determined whether or not the setting of 
the required job attribute is completed (step S504), 
and in the case where it is not completed, the process 
in the step S502 is repeated. 
[0137] 

On the other hand, in the case where the setting 
of the required job attribute is completed in the step 
S504, target data of job processing such as image data 
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created by an application and so on is sent to this MFP 
by a job data transmission command (step S505) . A job 
submitting completion notice command showing completion 
of sending the job submitting command is sent (step 
S506) to finish the process. 
[0138] 

FIGS. 15 and 16 are flowcharts showing the 
procedure for receiving a job submitting command when 
the MFP(l) 1 receives the job issued by the process in 
FIG. 14. This process is performed by the MFP(l) 1 each 
time the command constituting the job is received. 
[0139] 

The received command and its parameter are 
analyzed (step S601) . As a result of this analysis, it 
is determined whether or not the received command is 
the attribute setting command (step S602) . In the case 
where the received command is the attribute setting 
command, it is determined whether or not the attribute 
can be interpreted by the MFP(l) 1 (step S603). 
[0140] 

In the case where it can be interpreted, a pair 
of the specified attribute name and attribute value is 
stored as the job data on the RAM 22 or the disk 30 
according to the analysis results obtained in the step 
S601 (step S604) to finish the process. On the other 
hand, in the case where it cannot be interpreted in the 
step S603, it is impossible to set the attribute 
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specified by the received attribute setting command, 
and so it is communicated in reply that the attribute 
could not be set (step S616) to finish the process. 
[0141] 

On the' other hand, in the case where the 
received command is not the attribute setting command 
in the step S602, it is determined whether or not the 
received command is the job data transmission command 
from the analysis results obtained in the step S601 

(step S611) . In the case where it is the job data 
transmission command, the job data received following 
the command is stored in the RAM 22 or the disk 30 

(step S612) to finish the process. 

[0142] 

On the other hand, in the case where it is not 
the job data transmission command in the step S611, it 
is determined whether or not the received command is a 
job submitting termination notice command from the 
analysis results obtained in the step S601 (step S613) . 
In the case where it is the job submitting termination 
notice command, processing of the job data held in the 
RAM 22 or the disk 30 is started (step S614) . On the 
other hand, in the case where it is not the job 
submitting termination notice command, the received 
command is another command, and a process depending on 
the other command is performed (step S615) to finish 
the process. 



92 



[0143] 

FIG. 17 is a diagram showing the data structure 
of the job held in the MFP(l) 1 as a result of the 
process in FIGS. 15 and 16. This job is comprised of an 
attribute list 701 representing the function and 
attribute of the job and job data 702 representing the 
data to be the processing target of the job. The job 
data 702 is not necessary depending on the job type. 
The attribute list 701 is the list of a pair of an 
attribute name 711 and an attribute value 712 
corresponding thereto . 
[0144] 

In the diagram, reference numeral 721 represents 
that the job is the printing job. Reference numeral 722 
represents that the job starting mode is pending. 
Reference numeral 723 represents that the user 
management mode is "Join Security Domain" and indicates 
that an access ticket 726 is used as the user 
information on the job. Reference numeral 724 denotes 
the attribute for which the user ID is set in the case 
where the user management mode is "User ID" or "User ID 
and Password." Reference numeral 725 denotes the 
attribute for .which the password is set in the case 
where the user management mode is "Password" or "User 
ID and Password." Reference numeral 726 denotes the 
attribute for which the access ticket is set in the 
case where the user management mode is "Join Security 
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Domain." Moreover, as for the attributes 724, 725 and 
726, only what is necessary may be set as the job data 
according to the contents of the attribute 723. 
[0145] 

FIGS. 18 and 19 are flowcharts showing the 
procedure of the job data held in the MFP(l) 1 shown in 
FIG. 17. This procedure is performed on the MFP(l) 1. 
First, the attribute information (current user 
management mode) 302 is obtained (step S801) . It is 
determined whether or not the value of the attribute 
information 302 is "No User Management" (step S802) . 
[0146] 

In the case of "No User Management" as a result 
of the determination, the processing of the attributes 
except the attributes 723, 724, 725 and 726 is 
performed (step S803) , and job data processing is 
performed based on these attributes (step S810) . The 
job processing results are logged (step S811) to finish 
the process. This log is stored in the RAM 22 or the 
disk 30. 
[0147] 

On the other hand, in the case where there is 
the user management as a result of the determination in 
the step S802, it is determined whether or not the 
value of the attribute information 302 is "Password" 
(step S804) . In the case where it is "Password" as a 
result of the determination, a password value held in 
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advance in the RAM 22 or the disk 30 is compared to 
attribute information 725 (step S805), and in the case 
where they coincide, the job processing is continued in 
the step S803. On the other hand, in the case where 
they do not coincide, the job processing is aborted. 
[0148] 

On the other hand, in the case where it is not 
"Password" as a result of the determination in the step 
S804, it is determined whether or not the value of the 
attribute information 302 is "User ID" (step S806) . In 
the case where it is "User ID" as a result of the 
determination, a user ID value held in advance in the 
RAM 22 or the disk 30 is compared to attribute 
information 724 (step S807), and in the case where they 
coincide, the job processing is continued in the step 
S803. On the other hand, in the case where they do not 
coincide, the job processing is aborted. 
[0149] 

In the case where it is not "User ID" as a 
result of the determination in the step S806, it is 
determined whether or not the value of the attribute 
information 302 is "User ID and Password" (step S808) . 
In the case where it is "User ID and Password" as a 
result of the determination, the user ID value and the 
password value held in advance in the RAM 22 or the 
disk 30 is compared to attribute information 724 and 
725 respectively (step S809) , and in the case where 
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they coincide, the job processing is continued in the 
step S803. In the case where they do not coincide, the 
job processing is aborted. 
[0150] 

On the other hand, in the case where it is not 
"User ID and Password" as a result of the determination 
in the step S808, the access ticket value 726 is 
decrypted by using the cryptograph key that is the 
attribute information 306 (step S812) . And it is 
determined whether or not the access ticket is valid 
(step S813) . In the case where the access ticket value 
could not be decrypted or the value of the permitted 
number of prints held in the access ticket is 0, it is 
determined that the access ticket is invalid in the 
step S813, and the job data is abandoned (step S814) to 
finish the process. 
[0151] 

On the other hand, in the case where it is 
determined that the access ticket is valid in the step 
S813, the permitted number of prints information of the 
user falling under the user ID in the access ticket is 
obtained from the directory server 6 by the Kerberos 
protocol and the LDAP protocol (step S815) . 
[0152] 

It is determined whether or not it can be 
printed with the permitted number of prints of one or 
more (step S816) , and in the case where it cannot be 
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printed, the job data is abandoned (step S817) to 
finish the process. On the other hand, in the case 
where it can be printed as a result of the 
determination in the step S816, the processing of the 
attributes except the attributes 723, 724, 725 and 726 
is performed (step S818), and job data processing is 
performed based on these attributes (step S819) . 
Moreover, this processing is monitored so that the 
permitted number of prints obtained from the process in 
the step S815 is not exceeded, and in the case where 
the maximum number of prints is exceeded, it causes the 
job data processing to abnormally end. Whether the job 
normally ends or abnormally ends, the job processing 
results are logged (step S820) to finish the process. 
The user ID and the number of prints printed by the job 
are logged, which is stored in the RAM 22 or the disk 
30. 

[0153] 

Moreover, while the job data is once constructed 
in the MFP(l) 1 in the process in FIGS. 15 and 16 and 
then it is processed again in the process in FIGS. 18 
and 19 in this embodiment, it is also feasible, as 
another embodiment, to unite the process in FIGS. 15 
and 16 with the process in FIGS. 18 and 19, thus 
simultaneously performing a job analysis and the job 
processing . 
[0154] 
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In addition, while the permitted number of 
prints in the access ticket is determined in the step 
S813, and the permitted number of prints of the user 
held in the directory server 6 is determined in the 
steps S815 and S816 in this embodiment, it is also 
feasible, as another embodiment, to omit either the 
determination of the permitted number of prints in the 
access ticket in the step S813 or the determination of 
the permitted number of prints of the user held in the 
directory server 6 in the steps S815 and S816. 
[0155] 

In addition, while the job results are held as 
logs in the MFP(l) 1 in the step S820 in this 
embodiment, it is also feasible to update the permitted 
number of prints and the accumulated number of prints 
of the user held in the directory server 6 by the 
number of prints printed by the job. The permitted 
number of prints is updated by obtaining the permitted 
number of prints and the accumulated number of prints 
indicated by the user ID held in the directory server 6 
by the LDAP protocol, subtracting the number of prints 
printed by the job from the permitted number of prints, 
and further adding the number of prints printed by the 
job to the accumulated number of prints, and then 
setting these obtained values in the directory server 6 
by the LDAP protocol. 
[0156] 
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FIGS. 20 and 21 are flowcharts showing the 
procedure of the login screen displayed on an LCD 23 of 
the MFP(l) 1. This process is performed on the MFP(l) 1. 
First, the attribute information 302 (current user 
management mode) is obtained (step S901) . It is 
determined whether or not the value of the attribute 
information 302 is "No User Management" (step S902) . 
[0157] 

In the case where it is "No User Management" as 
a result of the determination, the login information is 
stored in the RAM 22 (step S903) . The login information 
holds the user management mode, the user ID and the 
permitted number of prints as of logging in. The 
permitted number of prints is sequentially updated by 
the number of prints used in the jobs accompanying 
printing such as a print job and a copy job issued from 
the console within a login period, and the job is 
finished when the value of the permitted number of 
prints becomes 0. In the step S903, the permitted 
number of prints is set at infinity. The user ID in the 
login information is logged together with the number of 
prints used in the job. After the process of the step 
S903, a print pending job is processed (step S924) to 
finish the process. 
[0158] 

On the other hand, in the case where there is 
the user management as a result of the determination in 
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the step S902, it is determined whether or not the 
value of the attribute information 302 is "Password" 
(step S904) . In the case where there is the password as 
a result of the determination, the user interface 
screen prompting for the password is displayed on the 
LCD 23 and the inputted password is compared to the 
password value held in advance in the RAM 22 or the 
disk 30 (step S905) , and in the case where they 
coincide, the login processing is continued in the step 

5903. In the case where they do not coincide, the 
processing is aborted as no login allowed. 

[0159] 

On the other hand, in the case where there is no 
password as a result of the determination in the step 

5904, it is determined whether or not the value of the 
attribute information 302 is "User ID" (step S906) . In 
the case where it is "User ID, " the user interface 
screen prompting for the user ID is displayed on the 
LCD 23 and the inputted user ID is compared to the user 
ID value held in advance in the RAM 22 or the disk 30 
(step S907), and in the case where they coincide, the 
login processing is continued in the step S903. In the 
case where they do not coincide, the processing is 
aborted as no login allowed. 

[0160] 

On the other hand, in the case where it is not 
the user ID as a result of the determination in the 
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step S906, it is determined whether or not the value of 
the attribute information 302 is "User ID and Password" 
(step S908) . In the case where it is "User ID and 
Password" as a result of the determination, the user 
interface screen prompting for the user ID and the 
password is displayed on the LCD 23 and the inputted 
user ID and password are compared to the user ID value 
and the password value held in advance in the RAM 22 or 
the disk 30 (step S909) , and in the case where they 
coincide, the login processing is continued in the step 
S903. In the case where they do not coincide, the 
processing is aborted as no login allowed. 
[0161] 

In the case where it is not "User ID and 
Password" as a result of the determination in the step 
S908, an attempt is made to access the directory server 
shown in the attribute information 305 so as to 
determine whether or not it is connectable (step S910) . 
[0162] 

In the case where it is accessible, the user 
interface screen prompting for the user ID and the 
password is displayed on the LCD 23 (step S912), and 
the inputted user ID and password are used to obtain 
the access ticket from the directory server 6 by the 
Kerberos protocol (step S914) . 
[0163] 

On the other hand, in the case where an error is 
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sent in reply from the directory server 6 to the effect 
that the user name or the password is invalid, such as 
a case of incorrect user name or password, the user 
interface screen prompting for the user ID and the 
password is displayed again in the step S912. 
[0164] 

And the access ticket obtained from the 
directory server is decrypted by using a cryptograph 
key 306 (step S915) . Validity of the access ticket is 
determined (step S916) . This determination is made by 
checking whether the ticket is within its expiration 
date and whether the permitted number of prints is one 
or more. In the case where the access ticket is not 
valid as a result of the determination in the step S916, 
the user interface screen representing that the devices 
may not be used with this user name is displayed on the 
LCD 23 (step S917) to finish the process. 
[0165] 

On the other hand, in the case where the access 
ticket is valid as a result of the determination in the 
step S916, the login information is stored and the user 
cache information is updated (step S925) . Of the login 
information, the number of prints held by the access 
ticket is set as the permitted number of prints. 
[0166] 

FIG. 22 is a diagram showing the data structure 
of the user information cache. This user information 
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cache is held in the RAM 22 or the disk 30. The user 
information cache is updated by adding the user name 
and the password used when obtaining the access ticket, 
the user ID and the permitted number of prints in the 
access ticket, and a login time as the data. In the 
case where the same user name already exists in the 
user information cache, the existing information is 
updated. And then, after the process of the step S925, 
a print pending job is processed (step S922) to finish 
the process. 
[0167] 

On the other hand, in the case where it is 
impossible to access the directory server 6 in the step 
S910, the attribute information (Permission to Use in 
case of Inaccessible Directory Server) 307 is obtained 
to determine whether or not it is available even if the 
server cannot be connected (step S911) . In the case 
where permission to use is not given, the user 
interface screen representing that a login is not 
permitted currently is displayed on the LCD 23 (step 
S920) to finish the process. 
[0168] 

On the other hand, in the case where permission 
to use is not given in the step S911, the user 
interface screen prompting for the user name and the 
password is displayed on the LCD 23 (step S918) , and it 
is determined whether or not the inputted pair of the 



103 



user name and the password exists in the user 
information cache held by the RAM 22 or the disk 30 
(step S919) . In the case where it does not exist in the 
user information cache as a result of this 
determination, the user interface screen representing 
that the devices may not be used with this user name 
currently is displayed on the LCD 23 (step S921) to 
finish the process. 
[0169] 

On the other hand, in the case where the pair of 
the user name and the password exists in the user 
information cache as a result of the determination in 
the step S919, the permitted number of prints is 
computed by the process mentioned later, and this value 
and the user ID are stored as the login information 

(step S923) . In addition, the value of "Join Security 
Domain (Inaccessible Directory Server)" is set in the 
user management mode in the login information. After 
the process of the step S923, a print pending job is 
processed (step S922) to finish the process. 

[0170] 

The login information stored in this login 
process is used in order to limit and record operation 
in issuing jobs in a login session. To be more specific, 
in the case where the printing is performed exceeding 
the permitted number of prints in the login information, 
the job is aborted. In addition, the number of prints 
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printed in the job is subtracted from the permitted 

number of prints in the login information. 

[0171] 

Furthermore, in the case where the user 
management mode in the login information is "Join 
Security Domain (Inaccessible Directory Server)," the 
value is updated by subtracting the number of prints 
printed in the job from the value of the maximum number 
of prints 312 or the permitted number of prints of the 
user information cache 1013 in accordance with the 
contents of "Limit Types for Use in case of 
Inaccessible Directory Server" 308 that is the 
attribute information held in the devices. The user ID 
in the login information is logged together with the 
number of prints printed in the job issued in the login 
session. And the login information is abandoned when 
the user logs off. 
[0172] 

Moreover, even in the case where it is possible 
to connect to the directory server in this embodiment, 
the login information holds the permitted number of 
prints as of logging in in the step S925 and the 
permitted number of prints is only updated by the job 
issued from the console within the login period. In the 
case where it is possible to connect to the directory 
server, however, it is also feasible to obtain the 
permitted number of prints of the user held by the 
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directory server immediately before the job is issued 
and limit the permitted number of prints thereby. In 
this case, the TGT is included in the login information 
held in the step S925 and the permitted number of 
prints of the user held by the directory server 6 
immediately before the job is issued is thereby 
obtained by the Kerberos protocol and the LDAP protocol. 
[0173] 

The data of the user information cache to be 
updated in the process of FIGS. 20 and 21 is held in 
the RAM 22 or the disk 30 as aforementioned. The data 
is represented as a set of one record in one line, and 
one record is comprised of a user name 1010, a password 
1011, a user 1012, a permitted number of prints 1013 
and a login time 1014. 
[0174] 

FIG. 23 is a flowchart showing the procedure of 
the print pending job in the steps S924 and S922. This 
process is performed on the MFP(l) 1. First, a list of 
the jobs of which execution of printing is pending in 
the MFP(l) 1 is obtained (step S1101) . 
[0175] 

The user ID in the login information held in 
FIGS. 20 and 21 is compared to the user ID including as 
the attributes the jobs obtained in the step S1101 so 
as to create the list of the jobs in which both of them 
correspond (step S1102) . The user IDs of the jobs 
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compared here are obtained and used by decrypting the 
access ticket in the case where the access ticket 726 
exists in the job, and if not, a user ID 724 included 
in the job is used. 
[0176] 

As a result of the process in the step S1102, it 
is determined whether or not the list is blank (step 
S1103), and the process is finished in the case where 
it is not blank as a result of the determination. 
[0177] 

On the other hand, in the case where it is blank 
in the step S1103, the list of the jobs in which the 
user IDs correspond is displayed as the user interface 
screen on the LCD 23 (step S1104) . FIG. 24 is a diagram 
showing the user interface screen displayed on an LCD 
23 in the step S1104. In the diagram, 1202 indicates 
the list of the jobs created in the step S1102. 1203 is 
the OK button for having the job executed, and 1204 is 
a cancel button for closing the user interface screen 
without having the job executed. 
[0178] 

And it is determined which of the OK button 1203 
and the cancel button 1204 was pushed (step S1105) , and 
in the case where the cancel button was pushed, it is 
terminated by closing the user interface screen. On the 
other hand, in the case where the OK button was pushed, 
the jobs in the list of the jobs created in the step 
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S1102 are executed (step S1106) to finish the process. 
[0179] 

FIGS. 25 and 26 are flowcharts showing the 
procedure when the MFP(l) 1 receives an access command 
for obtaining or setting individual attribute 
information from the PC(1) 2, the PC (2) 3 and the PC (3) 
4. First, the received command and its parameter are 
analyzed (step S1301) . 
[0180] 

It is determined whether or not the received 
command is an attribute acquirement command from the 
analysis results (step S1302) . In the case where it is 
the attribute acquirement command, it is determined 
whether or not the attribute specified by the attribute 
acquirement command can be acquired (step S1303) . In 
the case where it can be acquired, the value of the 
attribute held in the MFP is obtained (step S1304), and 
the obtained attribute value is set as the parameter of 
a send reply command, and the send reply command to the 
attribute acquirement command is sent to driver 
software (step S1305) to finish the process. 
[0181] 

On the other hand, in the case where the 
attribute cannot be acquired in the step S1303, a 
notice that the attribute acquirement failed is sent to 
the driver software (step S1317) to finish the process. 
[0182] 
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On the other hand, in the case where it is not 
the attribute acquirement command in the step S1302, it 
is determined whether or not the received command is an 
attribute value change command from the analysis 
results in the step 1301 (step S1311) - In the case 
where it is the attribute value change command, it is 
determined whether or not the attribute specified by 
the attribute value change command can be changed (step 
S1312) . 
[0183] 

In the case where it can be changed, the 
specified attribute is changed to the specified 
attribute value according to a specified command 
parameter (step S1313), and the notice that the 
attribute value was successfully changed is sent to the 
driver software (step S1314) to finish the process. On 
the other hand, in the case where it cannot be changed, 
the notice that the attribute value change failed is 
sent to the driver software (step S1315) to finish the 
process. On the other hand, in the case where it is not 
the attribute value change command in the step S1311, 
the received command is another command, and so the 
process depending on the other command is performed 
(step S1316) to finish the process. 
[0184] 

FIGS. 27 and 28 are flowcharts showing the 
procedure for issuing a management command such as 
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device management or job management from the PC(1) 2, 
the PC (2) 3 and the PC (3) 4 to the MFP(l) 1. This 
process is performed on the PC (2) 3 and the PC (3) 4. 
First, the attribute information (current user 
management mode) 302 held by the MFP(l) 1 is obtained 
(step S1401) . 
[0185] 

It is determined whether or not the value of the 
attribute information 302 is "No User Management" (step 
S1402) . In the case where it is "No User Management" as 
a result of the determination, the management command 
shown in FIG. 29 is generated and sent to the MFP(l) 1 
(step S1403) . FIG. 29 is a diagram showing the data 
structure of the management command. In the diagram, 
reference numeral 1501 represents the user management 
mode and indicates which information of a user ID 1502, 
a password 1503 and an access ticket 1504 is valid. In 
addition, reference numeral 1505 represents a command 
type. Moreover, reference numeral 1506 represents a 
length of a parameter 1507 required for the command. 
[0186] 

The MFP(l) 1 processes the received management 
command according to the procedure shown in FIGS. 30 
and 31, and transmits the results. The reply sent from 
the MFP(l) 1 is processed (step S1417) . This process is 
different depending of the process of the management 
command sent in the step S1403, and especially in the 
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case where the management command is "List Jobs " that is 
a command for obtaining the list of the jobs of which 
management command is held in the MFP, the list of the 
jobs included in the reply is displayed as the user 
interface screen on the CRT 33. This process is 
finished thereafter . 
[0187] 

On the other hand, in the case where there is 
the user management as a result of the determination in 
the step S1402, it is determined whether or not the 
value of the attribute information 302 is "Password' 1 

(step S1404) . In the case where it is "Password" as a 
result of the determination, the user interface screen 
prompting for the password is displayed on the CRT 33 

(step S1405) . And the management command setting the 
inputted password is generated and is sent to the 
MFP(l) 1 in the step S1403. 

[0188] 

On the other hand, in the case where there is no 
password as a result of the determination in the step 
S1404, it is determined whether or not the value of the 
attribute information 302 is "User ID" (step S1406) . In 
the case where it is "User ID" as a result of the 
determination, the user interface screen prompting for 
the user ID is displayed on the CRT 33 (step S1407) . 
And the management command setting the inputted user ID 
is generated and is sent to the MFP(l) 1 in the step 
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S1403. 
[0189] 

On the other hand, in the case where it is not 
"User ID" as a result of the determination in the step 
S1406, it is determined whether or not the value of the 
attribute information 302 is "User ID and Password" 
(step S1408) . In the case where it is "User ID and 
Password" as a result of the determination, the user 
interface screen prompting for the user ID and the 
password is displayed on the CRT 33 (step S1409) . And 
the management command setting the inputted user ID and 
the password is generated and is sent to the MFP(l) 1 
in the step S1403. 
[0190] 

On the other hand, in the case where it is not 
"User ID and Password" as a result of the determination 
in the step S1408, it is determined on the PC being 
used whether or not the user has already logged in to 
the security domain managed by the directory server 6 

(step S1410) . This determination is made by inquiring 
of an operating system of the PC being used. 

[0191] 

In the case where the user has not logged in as 
a result of the determination, the user interface 
screen prompting for the user ID and password is 
displayed on the CRT 33 (step S1411), and the 
information is sent to the directory server 6 by using 
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the Kerberos protocol so as to obtain the TGT (Ticket 

Generation Ticket) information (step S1413) . 

[0192] 

On the other hand, in the case where the user 
has already logged in as a result of the determination 
in the step S1410, the TGT used in the current session 
is requested of the operating system and is obtained 
since the user has already logged in (step S1412) . 
[0193] 

The TGT obtained in the step S1412 or S1413 and 
the identifier (parameter) identifying the MFP(l) 1 of 
the job issue destination are sent to the directory 
server 6 by the Kerberos protocol to obtain the access 
ticket for the MFP(l) 1 (step S1414) . The access ticket 
obtained here has the information on the user name, the 
user ID, the user's permitted number of prints and its 
expiration date encrypted by cryptograph key 306 of the 
MFP(l) 1. The data format in the access ticket and the 
encryption (algorithm) to be used are uniquely 
determined in advance according to the currently 
corresponding directory server type 304, 
[0194] 

The management command setting the access ticket 
obtained in the step S1414 is generated and is sent to 
the MFP(l) 1 (step S1415) . The same reply process as in 
the step S1417 is performed thereafter (step S1416) . 
The process is finished thereafter. 
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[0195] 

FIGS. 30 and 31 are flowcharts showing the 
procedure for MFP(l) to process the management command 
generated by the process in FIGS. 27 and 28 and then 
sent to the MFP(l) 1. This process is performed on the 
MFP(l) 1. 
[0196] 

First, the attribute information (current user 
management mode) 302 is obtained (step S1601) . It is 
determined whether or not the value of the attribute 
information 302 is "No User Management" (step S1602) . 
In the case of "No User Management" as a result of the 
determination, the value 0 is set on the user ID 1502 
in the management command (step S1603) , and processing 
is performed according to the command types from the 
step S1613 onward. 
[0197] 

On the other hand, in the case where there is 
the user management as a result of the determination in 
the step S1602, it is determined whether or not the 
value of the attribute information 302 is "Password" 
(step S1604) . In the case where it is "Password" as a 
result of the determination, the password value held in 
advance in the RAM 22 or the disk 30 is compared to the 
password 1503, and in the case where they coincide, the 
value 0 is set on the user ID 1502 in the management 
command (step S1605) . Hereafter, processing is 
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performed according to the command types from the step 
S1613 onward. In the case where they do not coincide, 
the error is returned and the management command 
processing is aborted. 
[0198] 

On the other hand, in the case where it is not 
"Password" as a result of the determination in the step 
S1604, it is determined whether or not the value of the 
attribute information 302 is "User ID" (step S1606) . In 
the case where it is "User ID" as a result of the 
determination, the user ID value held in advance in the 
RAM 22 or the disk 30 is compared to the user ID 1502 
(step S1607) . In the case where they coincide, 
processing is performed according to the command types 
from the step S1613 onward. In the case where they do 
not coincide, the error is returned and the management 
command processing is aborted. 
[0199] 

In the case where it is not "User ID" as a 
result of the determination in the step S1606, it is 
determined whether or not the value of the attribute 
information 302 is "User ID and Password" (step S1608) . 
In the case where it is "User ID and Password" as a 
result of the determination, the user ID value and the 
password value held in advance in the RAM 22 or the 
disk 30 are compared to the user ID 1502 and the 
password 1503 respectively (step S1607), and in the 
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case where they coincide, processing is performed 
according to the command types from the step SI 613 
onward. In the case where they do not coincide, the 
error is returned and the management command processing 
is aborted. 
[0200] 

On the other hand, in the case where it is not 
"User ID and Password" in the step S1608, the value of 
the access ticket 1504 is decrypted by using the 
cryptograph key 306 (step S1610) . The validity and the 
expiration date of the access ticket are determined as 
a result of the decryption (step S1611), and in the 
case where the access ticket is valid as a result of 
the determination, the user ID in the access ticket is 
set as the user ID 1502 in the management command, and 
processing is performed according to the command types 
from the step S1613 onward. On the other hand, in the 
case where the access ticket is invalid as a result of 
the determination in the step S1611, the error is 
returned (step S1612) , and the management command 
processing is finished. 
[0201] 

In the process from the step S1613 onward, it is 
determined whether or not the command type 1505 is 
"ListJobs" (to obtain the list of the jobs) (step 
S1613) . In the case where the command type 1505 is 
"ListJobs" as a result of the determination, the list 
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of the jobs held in the MFP(l) 1 is obtained (step 
S1614). At this time, if "Current User Management Mode" 
302 is "Join Security Domain, " the access ticket 726 of 
each job is decrypted with the cryptograph key 306 and 
the obtained user ID is set as the user ID 724 of the 
job. 
[0202] 

And the user ID 724 of the job obtained in the 
step S1614 is compared to the user ID 1502 included in 
the management command, so that the job name of the job 
wherein they do not correspond is converted into a 
blank (step S1615) . On the other hand, the job name of 
the job wherein they correspond is not converted into a 
blank. The job list obtained in the step S1615 is 
returned (step S1616) and the process is finished. 
[0203] 

On the other hand, it is determined whether or 
not the command type 1505 is "CancelJob" (to cancel a 
specified job) as a result of the determination in the 
step S1613 (step S1617) . In the case where the command 
type 1505 is not "CancelJob 11 as a result of the 
determination, the device management command is 
processed (step S1619) to finish the process. In the 
processing of the device management command in the step 
S1619, a plurality of device management commands may be 
processed by dividing them into cases by using the 
command type 1505. 
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[0204] 

As a result of the determination in the step 
S1617, the information on the specified job is obtained 
(step S1618) - In the case where "Current User 
Management Mode" 302 is "Join Security Domain" at this 
time, the access ticket 726 of the job is decrypted 
with the cryptograph key 306 and the obtained user ID 
is set as the user ID 724 of the job. 
[0205] 

And the user ID 724 of the job is compared to 
the user ID 1502 included in the management command 

(step S1620), and in the case where they do not 
correspond, it is replied that the execution of the 
management command failed (step S1623) to finish the 
process. On the other hand, in the case where they 
correspond in the step S1620, the specified job is 
cancelled (step S1621), and it is replied that the 
execution of the management command was successful 

(step S1622) to finish the process. 

[0206] 

Moreover, it is possible, by changing the 
process in the step S1621, to have the job management 
other than a job cancel to which a job access control 
function is added (a temporary halt, a restart, an 
interruption, higher priority and lower priority of the 
job, for instance) performed. 
[0207] 



118 

FIG. 32 is a flowchart showing the procedure for 
totaling the logs of the MFP(l) 1 and the MFP(2) 5 and 
updating the permitted number of prints and the number 
of accumulated prints for each user of the directory 
server 6. This process is performed on the directory 
server 6. First, the logs are obtained from the subject 
MFPs (step S1901) . 
[0208] 

The number of prints printed for each user ID is 
totaled from the log information (step S1902) . The 
permitted number of prints and the accumulated number 
of prints of each user are obtained from the directory 
server 6 by the LDAP protocol, and the obtained number 
of prints is subtracted from the permitted number of 
prints, and is further added to the accumulated number 
of prints, and then the obtained results are set in the 
directory server 6 by the LDAP protocol (step S1903) . 
Thus, the permitted number of prints and the 
accumulated number of prints for each user in the 
directory server 6 are updated. 
[0209] 

Thus, the process in FIG. 32 is performed to the 
MFP(l) 1 and the MFP(2) 5 so that the permitted number 
of prints and the accumulated number of prints for the 
two MFPs are centrally managed by the directory server 
6. 

[0210] 
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Moreover, as another embodiment, in the case 
where the data of the directory server 6 is updated by 
connecting to the directory server 6 each time the job 
is finished without logging the number of prints used 
in the job, it is not necessary to perform the process 
in FIG. 32. 
[0211] 

FIGS. 33 and 34 are flowcharts showing a 
computing procedure for computing the permitted number 
of prints when it is impossible to connect to the 
directory server in the step S923 in FIGS. 20 and 21. 
This process is performed on the MFP(l) 1. First, 
Current Limit Type for Use in case of Inaccessible 
Directory Server 309 is obtained (step S2001) . 
[0212] 

It is determined whether or not the limit type 
309 is "No Limit" (step S2002) . In the case where it is 
no limit as a result of the determination, the 
permitted number of prints is set as infinity (step 

52003) to finish the process. On the other hand, in the 
case where it is not no limit as a result of the 
determination in the step S2002, it is determined which 
of "Time," "Time and Fixed Max No. of Prints," or "Time 
and Max No. of Prints" the limit type 309 is (step 

52004) . In the case it falls under one of them as a 
result of the determination, the user's final login 
time 1014 in the user information cache is obtained 
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(step S2005), and it is determined whether the time 
difference between this time and the current time is 
the value specified by the time limit length 310 or 
less (step S2006) . 
[0213] 

In the case where it is the specified value or 
less, the permitted number of prints is set at 0 (step 
S2007) to finish the process. On the other hand, in the 
case where it is not any of "Time, " "Time and Fixed Max 
No. of Prints," or "Time and Max No. of Prints" or in 
the case where it is within the time limit in the step 
S2006 as a result of the determination in the step 
S2004, it is determined which of "Fixed Max No. of 
Prints," or "Time and Fixed Max No. of Prints" the 
limit type 309 is (step S2008) . 
[0214] 

In the case where it is either "Fixed Max No. of 
Prints," or "Time and Fixed Max No. of Prints," the 
value of the maximum number of prints 312 is set as the 
permitted number of prints (step S2010) to finish the 
process. On the other hand, in the case where it is 
neither "Fixed Max No. of Prints," nor "Time and Fixed 
Max No. of Prints," as a result of the determination in 
the step S2008, it is determined which of "Max No. of 
Prints," or "Time and Max No. of Prints" the limit type 
309 is (step S2009) . In the case where it is either 
"Max No. of Prints," or "Time and Max No. of Prints," 
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the number of prints is calculated by the following 
equation (1) so as to set it as the permitted number of 
prints (step S2011) to finish the process. 
[0215] 

Permitted No. of Prints = Permitted No. of 
Prints in User Information Cache 1013 - Reduction Rate 
of Max No. of Prints per Day Time (Days) from Final 
Login ... (1) 

Here, the Time (Days) from Final Login is 
calculated by subtracting the current time from the 
user information cache login time 1014, dividing that 
time by the value 24 and dropping the fractional 
portion. 
[0216] 

On the other hand, in the case where it is 
neither "Max No. of Prints," nor "Time and Max No. of 
Prints, " as a result of the determination in the step 
S2009, Max No. of Prints for each Login 313 is set as 
the permitted number of prints (step S2012) to finish 
the process. 
[0217] 

Moreover, while "Supported User Management 
Modes," "Adaptive Directory Server Types," and "Limit 
Types for Use in case of Inaccessible Directory Server" 
are obtained by the PC(1) 2, the PC (2) 3 and the PC (3) 
4 directly from the MFP(l) 1 according to the 
procedures shown in the flowcharts in FIGS. 6, 8 and 10 
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respectively in this embodiment, it is also feasible, 
as another embodiment, to obtain "Supported User 
Management Modes," "Adaptive Directory Server Types," 
and "Limit Types for Use in case of Inaccessible 
Directory Server" from the MFP(l) 1 and hold them as 
the device information in the directory server 6 once 
so that the PC(1) 2, the PC (2) 3 and the PC (3) 4 will 
obtain them from the directory server 6. 
[0218] 

(Second Embodiment) 

While the access ticket is included in the 
management command in FIG. 29 in the above described 
first embodiment, a data size of the access ticket is 
generally larger than other data sizes of the 
management commands, which may result in a problem in 
performance and so on. A peripheral equipment control 
system to solve this problem will be described as the 
second embodiment below. 
[0219] 

FIG. 35 is a diagram showing the data structure 
of the management command generated by a management 
command generation process mentioned later and sent to 
the MFP(l). In the diagram, reference numeral 2301 
denotes the user management mode and indicates which 
information of a user ID 2302, a password 2303 and a 
session key 2304 is valid. 
[0220] 
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The session key 2304 is issued by the MFP(l) 1 
and is associated with the access ticket one to one by 
an access ticket cache in the MFP(l) 1. In the diagram, 
reference numeral 2305 denotes the command type. 
Reference numeral 2306 denotes the length of a 
parameter 2307 required for the command. 
[0221] 

FIG. 36 is a diagram showing the data structure 
of the access ticket cache held in the RAM 22 by the 
process of the access ticket setting command mentioned 
later. The access ticket cache is comprised of a 
plurality of records, wherein one record is a pair of a 
session key 2401 and an access ticket 2402. The access 
ticket held here is one after decryption by using the 
cryptograph key 306. 
[0222] 

FIGS. 37 and 38 are flowcharts showing the 
procedure for MFP(l) to process the management command 
generated by a management command generation process 
mentioned later and sent to the MFP(l) . This procedure 
is performed on the MFP(l) 1. As the step processing up 
to the step S1608 in FIGS. 30 and 31 are the same in 
this procedure, that step processing is omitted, and 
the case where the determination process in the step 
S1608 is NO (false), that is, the case where the user 
management mode is "Join Security Domain" will be 
described first. 
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[0223] 

First, it is determined whether or not the 
session key 2304 has the value 0 (step S2501) . In the 
case where the session key 2304 has the value 0 as a 
result of the determination in the step S2501, it is 
determined whether or not the management command type 
2305 is the "access ticket setting command" (step 
S2502) . In the case where it is not the "access ticket 
setting command, " the error is returned (step S2507) to 
finish the process. 
[0224] 

On the other hand, in the case where it is the 
"access ticket setting command" as a result of the 
determination in the step S2502, the value of the 
access ticket included in the management command 
parameter 2307 is decrypted by using the cryptograph 
key 306 (step S2519) . As a result of the decryption, 
the validity and the expiration date of the access 
ticket are determined (step S2520) . 
[0225] 

In the case where the access ticket is not valid, 
the error is returned (step S2521) to finish the 
processing of the management command. On the other hand, 
in the case where the access ticket is valid as a 
result of the determination in the step S2520, the 
session key corresponding to the access ticket one to 
one is generated, and the contents of the decrypted 
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access ticket are stored in the access ticket cache 
together with the session key (step S2503) . The 
generated session key is returned (step S2504) to 
finish the process. 
[0226] 

On the other hand, in the case where the session 
key has any value other than 0 in the step S2501, the 
session key is searched for in the access ticket cache 
(step S2505), and it is determined whether or not the 
session key exists (step S2506) . As a result of the 
determination, the error is returned (step S2507) to 
finish the process. 
[0227] 

On the other hand, in the case where the session 
key exists as a result of the determination in the step 
S2506, the access ticket corresponding to the session 
key is obtained from the access ticket cache, and the 
user ID in the access ticket is set as the user ID 2302 
in the management command (step S2522) and processing 
is performed according to the command type from the 
step S2508 onward. 
[0228] 

In the process from the step S2508 onward, it is 
determined whether or not the command type 2305 is 
"ListJobs" (to obtain the list of the jobs) (step 
S2508) . In the case where the command type 2305 is 
"ListJobs" as a result of the determination, the list 
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of the jobs held in the MFP(l) 1 is obtained (step 
S2509) . At this time, if "Current User Management Mode" 
302 is "Join Security Domain, " the access ticket 726 of 
each job is decrypted with the cryptograph key 306 and 
the obtained user ID is set as the user ID 724 of the 
job . 
[0229] 

The user ID 724 of the job obtained in the step 
S2509 is compared to the user ID 2302 included in the 
management command, so that the job name of the job 
wherein they do not correspond is converted into a 
blank (step S2510) . The obtained job list is returned 

(step S2511) to finish the process. 

[0230] 

On the other hand, it is determined whether or 
not the command type 1505 is "Cancel Job" (to cancel a 
specified job) as a result of the determination in the 
step S2508 {step S2512) . In the case where the command 
type 2305 is not "CancelJob, " the device management 
command is processed (step S2517) to finish the process. 
In the processing of the device management command in 
the step S2517, a plurality of device management 
commands may be processed by dividing them into cases 
by using the command type 2305. 
[0231] 

On the other hand, in the case where the command 
type 1505 is "CancelJob" as a result of the 
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determination in the step S2512, the information of the 
specified job is obtained (step S2513) . At this time, 
if "Current User Management Mode" 302 is "Join Security 
Domain," the access ticket 726 of the job is decrypted 
with the cryptograph key 306 and the obtained user ID 
is set as the user ID 724 of the job. 
[0232] 

And the user ID 724 of the job is compared to 
the user ID 2302 included in the management command 

(step S2514), and in the case where they do not 
correspond, it is replied that the execution of the 
management command failed (step S2518) to finish the 
process . 

[0233] 

On the other hand, in the case where they 
correspond in the step S2514, the specified job is 
cancelled (step S2515), and it is replied that the 
execution of the management command was successful 
(step S2516) to finish the process. 
[0234] 

Moreover, it is also possible, by applying the 
management command procedure shown in FIGS. 37 and 38 
when processing the job, to have the session key 
included in the job instead of having the access ticket 
included in the job as shown in FIGS. 17, 18 and 19. 
[0235] 

FIG. 39 is a flowchart showing the procedure for 
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issuing the management command such as the device 
management or the job management from the PC(1) 2, the 
PC (2) 3 and the PC (3) 4 to the MFP(l) 1 performing the 
process in FIGS. 37 and 38. This procedure is performed 
on the PC(1) 2, the PC (2) 3 and the PC (3) 4. As this 
procedure is the same up to the steps S1412 and S1413 
in FIGS. 27 and 28, the procedure after the TGT is 
obtained by the steps S1412 or S1413 is described here. 
[0236] 

To be more specific, the TGT obtained in the 
step S1412 or S1413 and the identifier (parameter) 
identifying the MFP(l) 1 of the job issue destination 
are sent to the directory server 6 by the Kerberos 
protocol to obtain the access ticket for the MFP(l) 1 
(step S2601) . The access ticket obtained here has the 
information on the user name, the user ID, the user's 
permitted number of prints and its expiration date that 
are encrypted by the cryptograph key 306 of the MFP(l) 
1. The data format in the access ticket and encryption 
(algorithm) to be used are uniquely determined in 
advance according to the currently corresponding 
directory server type 304. 
[0237] 

The access ticket setting command wherein the 
access ticket obtained in the step S2601 is set as the 
command parameter 2307 is generated and sent to the 
MFP(l) 1 (step S2 602). As for the management command 
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sent here, the session key 2304 has the value 0 and the 
command type 2305 is the "access ticket setting 
command . 11 
[0238] 

It is determined whether or not the reply from 
the MFP(l) 1 is the error (step S2603), and the process 
is terminated in the case of the error. On the other 
hand, in the case where it is not the error as a result 
of the determination in the step S2603, the session key 
obtained in the step S2 602 is set as the management 
command session key 2304, and appropriate values are 
set on the management command type 2 305, the command 
parameter length 2306 and the command parameter 2307 of 
the management command data and they are sent to the 
MFP(l) 1 (step S2604) . The reply from the MFP(l) 1 is 
processed (step S2605) to finish the process. 
[0239] 

Moreover, when the same user issues the job 
management command or the device management command to 
the same MFP, the required access ticket has already 
been held by the MFP and the session key thereto has 
been obtained, so that the steps from the step S2601 to 
the step S2603 may be omitted. Thus, the job management 
and the device management of the MFP can be implemented 
with good performance. 
[0240] 

As set forth above, according to the above 
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embodiment, unified job management can be performed as 
to the access in the network environment. In addition, 
unified job management can be performed as to the 
access in the network environment. Moreover, only the 
user who issued the job can cancel the job. 
[0241] 

In addition, only the user who issued the job 
can know the entire information on the job, and the 
other users can only know partial information on the 
job. Moreover, it is possible to perform unified job 
information on the access with good performance in the 
network environment. Furthermore, only the user who 
issued the job can cancel the job with good performance. 
Moreover, only the user who issued the job can know the 
entire information with good performance, and the other 
users can only know the partial information on the job. 
[0242] 

In addition, it is possible to perform unified 
device management as to the access in the network 
environment. Moreover, it is possible to perform 
unified device management as to the access in the 
network environment with good performance. It is also 
possible to issue the job management command to the 
MFPs. Furthermore, it is possible to issue a job cancel 
command to the MFPs. It is also possible to display the 
jobs to the MFPs. Furthermore, it is possible to issue 
the device management command to the MFPs. 
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[0243] 

According to this embodiment, it is possible to 
obtain the list of the directory server types which the 
MFPs can support from the outside via the network and 
so on. In addition, it is possible to obtain and set 
the directory server types which the MFPs are currently 
supporting from the outside via the network and so on. 
Furthermore, it is possible to obtain the list of the 
directory server types which can be supported and 
display it on the user interface. It is also possible 
to obtain the directory server which can be supported 
and display it on the user interface and also change 
the settings. 
[0244] 

According to this embodiment, it is possible to 
use the unified user information on a plurality of MFPs. 
In addition, it is possible to centrally manage the 
number of accumulated prints and the maximum number of 
prints in the environment using a plurality of MFPs. 
Moreover, it is possible to limit printing for each 
user by the maximum number of prints in the environment 
using a plurality of MFPs. 
[0245] 

In addition, it is possible to set an operation 
mode to be taken in the case of a failure of connecting 
to the directory server from the outside via the 
network and so on. Furthermore, the MFPs can be used in 
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the case of a failure of connecting to the directory 
server. Moreover, the MFPs can be used within a fixed 
time of the final normal login in the case of a failure 
of connecting to the directory server. In addition, the 
MFPs can be used to the extent not exceeding the 
maximum number of prints stored in the device within 
the fixed time of the final normal login in the case of 
a failure of connecting to the directory server. 
Moreover, the MFPs can be used up the maximum number of 
prints at the time of the final normal login within the 
fixed time of the final normal login in the case of a 
failure of connecting to the directory server. In 
addition, the MFPs can be used to the extent not 
exceeding the maximum number of prints stored in the 
device in the case of a failure of connecting to the 
directory server. 
[0246] 

In addition, the MFPs can be used up the maximum 
number of prints at the time of the final normal login 
in the case of a failure of connecting to the directory 
server. Moreover, the MFPs can be used to the extent 
not exceeding the maximum number of prints for each 
login in the case of a failure of connecting to the 
directory server. In addition, it is possible to 
prohibit the user from using the MFPs in order to 
perform correct user management in the case of a 
failure of connecting to the directory server. 
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Furthermore, the MFPs can be used up the maximum number 
of prints to which the expected number of prints after 
normally connecting to the directory server is added. 
In addition, it is possible to issue the jobs to the 
MFPs. 
[0247] 

Moreover, while the embodiments of the present 
invention were described above, the present invention 
is not limited to the configurations of these 
embodiments, but it is applicable to any configuration 
capable of accomplishing the functions according to the 
claims or the functions that the configurations of the 
embodiments have. 
[0248] 

In addition, it is needless to say that the 
present invention is applicable to the cases where it 
can be accomplished by supplying the program to the 
system or the equipment by means of a record medium 
storing a program code of software for implementing the 
functions of the aforementioned embodiments. In this 
case, the program code read from the storage medium 
itself implements a new function of the present 
invention, so that the storage medium storing the 
program constitutes the present invention. 
[0249] 

In the above embodiments, the program code shown 
in each flowchart is stored in the storage medium. As 
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for the storage medium for supplying the program code, 
for instance, a ROM, a floppy disk, a hard disk, an 
optical disk, a magneto-optical disk, a CD-ROM, a CD-R, 
a DVD, a magnetic tape, a nonvolatile memory card and 
so on can be used. 
[0250] 

[Effect of the Invention] 

According to the present invention, unified 
access control can be performed as to the job 
management in the network environment. In addition, the 
unified access control can be performed as to the job 
management in the network environment so that the 
performance will not deteriorate. 
[0251] 

In addition, it can provide a general purpose 
peripheral equipment control system wherein the 
peripheral equipment control software does not require 
the subject MFP to wait for the information on the 
corresponding directory server type. 
[0252] 

Moreover, the unified management of the user 
information is performed so that the same user 
information can be used by a plurality of devices in 
the environment for using a plurality of devices 
connected to the network and so on. In addition, it is 
possible to perform central management of the 
accumulated number of prints and the maximum number of 
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prints of the user in the environment for using a 
plurality of devices connected to the network and so on. 
Furthermore, it is possible to temporarily use the MFPs 
in the case of a network failure. 
[Brief Description of the Drawings] 
[FIGURE 1] 

A block diagram showing a configuration of a 
peripheral equipment control system according to the 
first embodiment. 

[FIGURE 2] 

A block diagram showing a configuration of 
peripheral equipment (an MFP(l) and an MFP(2)). 
[FIGURE 3] 

A block diagram showing a hardware configuration 
of a controller 11. 

[FIGURE 4] 

A block diagram showing the hardware 
configuration of a PC constituting a network system. 
[FIGURE 5] 

A diagram showing attribute information held by 
the peripheral equipment 1. 
[FIGURE 6] 

A flowchart showing a procedure for displaying 
and/or changing a user management mode of the 
peripheral equipment 1 from a PC(1), a PC (2) and a 
PC (3) . 

[FIGURE 7] 
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A diagram showing a user interface screen 
displayed on a CRT 33 in a state of waiting for user- 
input in a step S1705. 
[FIGURE 8] 

A flowchart showing an operating procedure for 
displaying and/or changing a directory server 
corresponding to the peripheral equipment 1 from the 
PC(1), the PC (2) and the PC (3). 

[FIGURE 9] 

A diagram showing user interface screen 
displayed on a CRT 33 in a state of waiting for user- 
input in a step S1807. 
[FIGURE 10] 

A flowchart showing the procedure for displaying 
and/or changing how to permit a login from the PC(1), 
the PC (2) and the PC (3) in the case where the 
peripheral equipment 1 cannot be connected to a 
directory server 6. 

[FIGURE 11] 

A diagram showing a user interface screen 
displayed on a CRT 33 in a state of waiting for user- 
input in a step S2207. 
[FIGURE 12] 

A flowchart showing the procedure for issuing a 
print job, a scanner job, a fax transmission job and a 
copy job from the PC(1), the PC (2) and the PC (3) to the 
peripheral equipment 1. 
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[FIGURE 13] 

A flowchart following FIG. 12 for showing the 
procedure for issuing a print job, a scanner job, a fax 
transmission job and a copy job from the PC(1), the 
PC (2) and the PC (3) to the peripheral equipment 1. 
[FIGURE 14] 

A flowchart showing the procedure for issuing a 
job in a step S403. 

[FIGURE 15] 

A flowchart showing the procedure for receiving 
a job submitting command when the peripheral equipment 
1 receives the job issued by the process in FIG. 14. 
[FIGURE 16] 

A flowchart following FIG. 15 for showing the 
procedure for receiving the job submitting command when 
the peripheral equipment 1 receives the job issued by 
the process in FIG. 14. 
[FIGURE 17] 

A diagram showing a data structure of the job 
held in the peripheral equipment 1 as a result of the 
process in FIG. 14. 

[FIGURE 18] 

A flowchart showing the procedure of the job 
data held in the peripheral equipment 1 shown in FIG. 
17 . 

[FIGURE 19] 

A flowchart following FIG. 18 for showing the 
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procedure of the job data held in the peripheral 
equipment 1 shown in FIG . 17. 
[FIGURE 20] 

A flowchart showing a login procedure from an 
operation division of the peripheral equipment 1. 
[FIGURE 21] 

A flowchart following FIG. 20 for showing the 
login procedure from the operation division of the 
peripheral equipment 1. 
[FIGURE 22] 

A diagram showing the data structure of a user 
information cache. 

[FIGURE 23] 

A flowchart showing the procedure of a print 
pending job in steps S924 and S922. 
[FIGURE 24] 

A diagram showing the user interface screen 
displayed on an LCD 23 in a step S1104. 
[FIGURE 25] 

A flowchart showing the procedure when the 
peripheral equipment 1 receives an access command for 
obtaining or setting individual attribute information 
from the PC(1), the PC (2) and the PC (3), 
[FIGURE 26] 

A flowchart following FIG. 25 for showing the 
procedure when the peripheral equipment 1 receives an 
access command for obtaining or setting the individual 
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attribute information from the PC(1), the PC (2) and the 
PC(3) . 

[FIGURE 27] 

A flowchart showing the procedure for issuing a 
management command such as device management or job 
management from the PC(1), the PC (2) and the PC (3) to 
the peripheral equipment 1. 
[FIGURE 28] 

A flowchart following FIG. 27 for showing the 
procedure for issuing a management command such as 
device management or job management from the PC(1), the 
PC (2) and the PC (3) to the peripheral equipment 1. 

[FIGURE 29] 

A diagram showing the data structure of the 
management command . 

[FIGURE 30] 

A flowchart showing the procedure for peripheral 
equipment 1 to process the management command generated 
by the process in FIG. 22 and sent to the peripheral 
equipment 1 . 

[FIGURE 31] 

A flowchart following FIG. 30 for showing the 
procedure for peripheral equipment 1 to process the 
management command generated by the process in FIG. 22 
and sent to the peripheral equipment 1 . 

[FIGURE 32] 

A flowchart showing the procedure for totaling 



140 



the logs of the peripheral equipment 1 and the 
peripheral equipment 5 and updating the permitted 
number of prints and the number of accumulated prints 
for each user of the directory server 6. 
[FIGURE 33] 

A flowchart showing a computing procedure for 
computing the permitted number of prints when it is 
impossible to connect to the directory server in the 
step S923 in FIG. 17. 

[FIGURE 34] 

A flowchart following FIG. 33 for showing a 
computing procedure for computing the permitted number 
of prints when it is impossible to connect to the 
directory server in the step S923 in FIG. 17. 
[FIGURE 35] 

A diagram showing the data structure of the 
management command generated by a management command 
generation process mentioned later and sent to the 
peripheral equipment 1. 
[FIGURE 36] 

A diagram showing the data structure of an 
access ticket cache held in a RAM 22 of the peripheral 
equipment 1 by the process of an access ticket setting 
command mentioned later. 
[FIGURE 37] 

A flowchart showing the procedure for the 
peripheral equipment 1 to process the management 
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command generated by a management command generation 
process mentioned later and sent to the peripheral 
equipment 1 . 

[FIGURE 38] 

A flowchart following FIG. 37 for showing the 
procedure for peripheral equipment 1 to process the 
management command generated by the management command 
generation process mentioned later and sent to the 
peripheral equipment 1. 
[FIGURE 39] 

A flowchart showing the procedure for issuing a 
management command such as device management or job 
management from the PC(1), the PC (2) and the PC (3) to 
the peripheral equipment 1 performing the process in 
FIG. 29. 

[Description of Reference Numerals or Symbols] 

2, 3, 4 ... personal computer (PC) 

3, 5 ... peripheral equipment (MFP) 
6 ... directory server 

11 ... controller 
21, 31 ... CPU 
25, 36 ... ROM 

301, 302 ... Attribute information 
724, 1502, 2302 ... user ID 
726, 1504, 2402 ... access ticket 
2304, 2401 ... session key 
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[Name of the Document] Abstract 

[Abstract] 

[Object] 

An object of the present invention is to provide 
peripheral equipment which is capable of unified access 
control related to job management in a network 
environment. 

[Means for Achieving the Object] 

When managing a job inputted via a network or a 
console according to. a job management command issued 
likewise via the network or the console, peripheral 
equipment managed by a directory server connected via 
the network decrypts an access ticket included in the 
job, decrypts the access ticket included in the job 
management command, and manages the job according to 
the decrypted contents of the access ticket included in 
the job and the access ticket included in the job , 
management command. 
[Elected Drawing] 
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